HyperBro
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | HyperBro has used HTTPS for C2 communications.(Citation: Unit42 Emissary Panda May 2019)
Enterprise | T1574.002 | Hijack Execution Flow: DLL Side-Loading | HyperBro has used a legitimate application to sideload a DLL to decrypt, decompress, and run a payload.(Citation: Unit42 Emissary Panda May 2019)(Citation: Trend Micro Iron Tiger April 2021)
Enterprise | T1070.004 | Indicator Removal: File Deletion | HyperBro has the ability to delete a specified file.(Citation: Unit42 Emissary Panda May 2019)
Enterprise | T1027.002 | Obfuscated Files or Information: Software Packing | HyperBro has the ability to pack its payload.(Citation: Trend Micro Iron Tiger April 2021)
Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | HyperBro can be delivered encrypted to a compromised host.(Citation: Trend Micro DRBControl February 2020)
Enterprise | T1569.002 | System Services: Service Execution | HyperBro has the ability to start and stop a specified service.(Citation: Unit42 Emissary Panda May 2019)
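The DLL side-loading entry above describes the layout a hunter looks for: a legitimate, usually signed, host executable sitting in a non-system directory next to a DLL whose name collides with one the host would normally resolve from System32 or SysWOW64. The script below is an added example of that check over a file inventory; it is not HyperBro code and not from any of the cited reports. It assumes a flat list of Windows paths (for instance a file census exported from an EDR or a forensic image) and, unless a list of system DLL names is supplied, derives the set of "system" DLL names from the inventory's own System32/SysWOW64 entries. The sample inventory and the directory and file names in it are constructed for the example.

```python
"""Hunt for DLL side-loading candidates in a Windows file inventory.

Added example (not HyperBro tooling). A DLL is flagged when it sits in the
same non-system directory as an .exe and its basename collides with a DLL
that also exists under System32/SysWOW64. That is the classic side-loading
layout: the host binary's loader searches its own directory before the
system directories, so the attacker's copy wins.
"""
from collections import defaultdict
from pathlib import PureWindowsPath

SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")


def _is_system_dir(directory: PureWindowsPath) -> bool:
    """True if the directory is System32/SysWOW64 or a subdirectory of one."""
    d = str(directory).lower()
    return any(d == s or d.startswith(s + "\\") for s in SYSTEM_DIRS)


def find_sideload_candidates(file_paths, system_dll_names=None):
    """Return sorted (exe_path, dll_path) pairs that match the side-loading layout.

    file_paths: iterable of Windows path strings.
    system_dll_names: optional iterable of DLL basenames known to ship in the
        system directories; when omitted, the names of DLLs found under
        System32/SysWOW64 in the inventory itself are used.
    """
    by_dir = defaultdict(lambda: {"exe": [], "dll": []})
    observed_system_dlls = set()
    for raw in file_paths:
        path = PureWindowsPath(raw)
        ext = path.suffix.lower()
        if ext not in (".exe", ".dll"):
            continue
        if ext == ".dll" and _is_system_dir(path.parent):
            observed_system_dlls.add(path.name.lower())
        by_dir[path.parent][ext[1:]].append(path)

    system_dlls = (
        {n.lower() for n in system_dll_names}
        if system_dll_names is not None
        else observed_system_dlls
    )

    hits = []
    for directory, files in by_dir.items():
        # Only non-system directories that contain at least one host .exe matter.
        if _is_system_dir(directory) or not files["exe"]:
            continue
        for dll in files["dll"]:
            if dll.name.lower() in system_dlls:
                for exe in files["exe"]:
                    hits.append((str(exe), str(dll)))
    return sorted(hits)


# Constructed inventory for the example (hypothetical names, not real
# HyperBro artifacts). The ProgramData\Update directory shows the side-loading
# layout; the remaining entries are benign controls that must not be flagged.
SAMPLE_INVENTORY = [
    r"C:\ProgramData\Update\host.exe",
    r"C:\ProgramData\Update\version.dll",      # name collides with System32\version.dll
    r"C:\ProgramData\Update\config.dat",       # encrypted payload would look like this, but is not a DLL
    r"C:\Windows\System32\version.dll",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Program Files\Vendor\app.exe",
    r"C:\Program Files\Vendor\vendorlib.dll",  # vendor-specific name, no collision
    r"C:\Users\Public\wininet.dll",            # no host .exe beside it
]


if __name__ == "__main__":
    for exe, dll in find_sideload_candidates(SAMPLE_INVENTORY):
        print(f"side-loading candidate: {exe} loads {dll}")
```

Hits are candidates, not verdicts: confirm by checking whether the host executable is signed, whether the DLL is signed by the same publisher as the host, and whether the DLL exports match the system copy it impersonates. Signed-host-plus-unsigned-DLL in the same directory is the pairing worth escalating.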
Groups That Use This Software

ID | Name | References
---|---|---
G0027 | Threat Group-3390 | (Citation: Unit42 Emissary Panda May 2019) (Citation: Securelist LuckyMouse June 2018) (Citation: Hacker News LuckyMouse June 2018) (Citation: Trend Micro DRBControl February 2020) (Citation: Trend Micro Iron Tiger April 2021)
References
- Falcone, R. and Lancaster, T. (2019, May 28). Emissary Panda Attacks Middle East Government Sharepoint Servers. Retrieved July 9, 2019.
- Khandelwal, S. (2018, June 14). Chinese Hackers Carried Out Country-Level Watering Hole Attack. Retrieved August 18, 2018.
- Legezo, D. (2018, June 13). LuckyMouse hits national data center to organize country-level waterholing campaign. Retrieved August 18, 2018.
- Lunghi, D. and Lu, K. (2021, April 9). Iron Tiger APT Updates Toolkit With Evolved SysUpdate Malware. Retrieved November 12, 2021.
- Lunghi, D. et al. (2020, February). Uncovering DRBControl. Retrieved November 12, 2021.