Kerrdown
Techniques Used |
||||
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1059 | .005 | Command and Scripting Interpreter: Visual Basic |
Kerrdown can use a VBS base64 decoder function published by Motobit.(Citation: Unit 42 KerrDown February 2019) |
| Enterprise | T1574 | .002 | Hijack Execution Flow: DLL Side-Loading |
Kerrdown can use DLL side-loading to load malicious DLLs.(Citation: Unit 42 KerrDown February 2019) |
| Enterprise | T1566 | .001 | Phishing: Spearphishing Attachment |
Kerrdown has been distributed through malicious e-mail attachments.(Citation: Amnesty Intl. Ocean Lotus February 2021) |
| .002 | Phishing: Spearphishing Link |
Kerrdown has been distributed via e-mails containing a malicious link.(Citation: Amnesty Intl. Ocean Lotus February 2021) |
||
| Enterprise | T1204 | .001 | User Execution: Malicious Link |
Kerrdown has gained execution through victims opening malicious links.(Citation: Amnesty Intl. Ocean Lotus February 2021) |
| .002 | User Execution: Malicious File |
Kerrdown has gained execution through victims opening malicious files.(Citation: Amnesty Intl. Ocean Lotus February 2021)(Citation: Unit 42 KerrDown February 2019) |
||
Groups That Use This Software |
||
| ID | Name | References |
|---|---|---|
| G0050 | APT32 |
(Citation: Amnesty Intl. Ocean Lotus February 2021) (Citation: Unit 42 KerrDown February 2019) |
References
- Amnesty International. (2021, February 24). Vietnamese activists targeted by notorious hacking group. Retrieved March 1, 2021.
- Amnesty International. (2021, February 24). Vietnamese activists targeted by notorious hacking group. Retrieved March 1, 2021.
- Ray, V. and Hayashi, K. (2019, February 1). Tracking OceanLotus’ new Downloader, KerrDown. Retrieved October 1, 2021.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.