Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Rising Sun

Rising Sun is a modular backdoor that was used extensively in Operation Sharpshooter between 2017 and 2019. Rising Sun infected at least 87 organizations around the world, including nuclear, defense, energy, and financial service companies. Security researchers assessed Rising Sun included some source code from Lazarus Group's Trojan Duuzer.(Citation: McAfee Sharpshooter December 2018)
ID: S0448
Type: MALWARE
Platforms: Windows
Version: 2.1
Created: 14 May 2020
Last Modified: 11 Apr 2024

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

Rising Sun has used HTTP and HTTPS for command and control.(Citation: McAfee Sharpshooter December 2018)

Enterprise T1560 .003 Archive Collected Data: Archive via Custom Method

Rising Sun can archive data using RC4 encryption and Base64 encoding prior to exfiltration.(Citation: McAfee Sharpshooter December 2018)

Enterprise T1059 .003 Command and Scripting Interpreter: Windows Command Shell

Rising Sun has executed commands using `cmd.exe /c “ > <%temp%>\AM. tmp” 2>&1`.(Citation: McAfee Sharpshooter December 2018)

Enterprise T1573 .002 Encrypted Channel: Asymmetric Cryptography

Rising Sun variants can use SSL for encrypting C2 communications.(Citation: Bleeping Computer Op Sharpshooter March 2019)

Enterprise T1564 .001 Hide Artifacts: Hidden Files and Directories

Rising Sun can modify file attributes to hide files.(Citation: McAfee Sharpshooter December 2018)

Enterprise T1070 .004 Indicator Removal: File Deletion

Rising Sun can delete files and artifacts it creates.(Citation: McAfee Sharpshooter December 2018)

Enterprise T1027 .013 Obfuscated Files or Information: Encrypted/Encoded File

Configuration data used by Rising Sun has been encrypted using an RC4 stream algorithm.(Citation: McAfee Sharpshooter December 2018)

Enterprise T1016 .001 System Network Configuration Discovery: Internet Connection Discovery

Rising Sun can test a connection to a specified network IP address over a specified port number.(Citation: McAfee Sharpshooter December 2018)

Groups That Use This Software

ID Name References
G0104 Sharpshooter

(Citation: Bleeping Computer Op Sharpshooter March 2019) (Citation: McAfee Sharpshooter December 2018)

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.