
Drovorub

Drovorub is a Linux malware toolset consisting of an agent, a client, a server, and kernel modules; it has been used by APT28.(Citation: NSA/FBI Drovorub August 2020)
ID: S0502
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 25 Aug 2020
Last Modified: 18 Sep 2020

Techniques Used

Domain ID Name Use
Enterprise T1071.001 Application Layer Protocol: Web Protocols

Drovorub can use the WebSocket protocol and has initiated communication with C2 servers with an HTTP Upgrade request.(Citation: NSA/FBI Drovorub August 2020)
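The WebSocket channel described above starts with an ordinary HTTP request carrying an Upgrade handshake, which is something a proxy or web-server log can be checked for. The following is an added example (not code from the ATT&CK page or from the NSA/FBI report) that parses HTTP request heads, recognises a WebSocket upgrade by its handshake headers, and reports upgrades to hosts outside an allow-list. The sample requests, the host 203.0.113.5, and the allow-list are constructed for illustration.

```python
from typing import Dict, List, Set, Tuple

# Constructed sample request heads, as a forward proxy might log them.
# The first is a benign upgrade to a known chat service, the second is an
# upgrade to an unrecognised host (the pattern a WebSocket C2 channel would
# leave behind), the third is a plain GET that must not be flagged.
SAMPLE_REQUESTS: List[str] = [
    "\r\n".join([
        "GET /socket HTTP/1.1",
        "Host: chat.example.com",
        "Connection: Upgrade",
        "Upgrade: websocket",
        "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==",
        "Sec-WebSocket-Version: 13",
        "", "",
    ]),
    "\r\n".join([
        "GET / HTTP/1.1",
        "Host: 203.0.113.5:8080",           # constructed TEST-NET address
        "Connection: keep-alive, Upgrade",  # Connection may carry several tokens
        "upgrade: WebSocket",               # header names and values are case-insensitive
        "Sec-WebSocket-Key: x3JJHMbDL1EzLkh9GBhXDw==",
        "Sec-WebSocket-Version: 13",
        "", "",
    ]),
    "\r\n".join([
        "GET /index.html HTTP/1.1",
        "Host: www.example.com",
        "Connection: keep-alive",
        "", "",
    ]),
]


def parse_request_head(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split an HTTP/1.1 request head into (method, target, headers).

    Header names are lower-cased so later lookups are case-insensitive.
    """
    lines = raw.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:          # empty line terminates the head
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def is_websocket_upgrade(headers: Dict[str, str]) -> bool:
    """True when the head carries the three headers of an RFC 6455 handshake."""
    connection_tokens = {t.strip().lower() for t in headers.get("connection", "").split(",")}
    return (
        headers.get("upgrade", "").lower() == "websocket"
        and "upgrade" in connection_tokens
        and "sec-websocket-key" in headers
    )


def find_suspicious_upgrades(requests: List[str], allowed_hosts: Set[str]) -> List[Tuple[str, str]]:
    """Return (host, target) for every WebSocket upgrade to a host not on the allow-list."""
    findings: List[Tuple[str, str]] = []
    for raw in requests:
        _method, target, headers = parse_request_head(raw)
        if not is_websocket_upgrade(headers):
            continue
        host = headers.get("host", "").split(":")[0].lower()  # drop any port
        if host not in allowed_hosts:
            findings.append((host, target))
    return findings


if __name__ == "__main__":
    for host, target in find_suspicious_upgrades(SAMPLE_REQUESTS, {"chat.example.com"}):
        print(f"WebSocket upgrade to unlisted host {host} (target {target})")
```

The allow-list approach is deliberate: WebSocket upgrades are common in legitimate web applications, so the signal is not the handshake itself but an upgrade to a destination that no sanctioned service explains, which is what the first-line C2 handshake on this page looks like from the network side.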

Enterprise T1547.006 Boot or Logon Autostart Execution: Kernel Modules and Extensions

Drovorub can use kernel modules to establish persistence.(Citation: NSA/FBI Drovorub August 2020)

Enterprise T1059.004 Command and Scripting Interpreter: Unix Shell

Drovorub can execute arbitrary commands as root on a compromised system.(Citation: NSA/FBI Drovorub August 2020)

Enterprise T1070.004 Indicator Removal: File Deletion

Drovorub can delete specific files from a compromised host.(Citation: NSA/FBI Drovorub August 2020)

Enterprise T1090.001 Proxy: Internal Proxy

Drovorub can use a port forwarding rule on its agent module to relay network traffic through the client module to a remote host on the same network.(Citation: NSA/FBI Drovorub August 2020)

Groups That Use This Software

ID Name References
G0007 APT28 (Citation: NSA/FBI Drovorub August 2020)