Industroyer
Associated Software Descriptions |
|
Name | Description |
---|---|
CRASHOVERRIDE | (Citation: Dragos Crashoverride 2017) |
Win32/Industroyer | (Citation: ESET Industroyer) |
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols |
Industroyer’s main backdoor connected to a remote C2 server using HTTPS.(Citation: ESET Industroyer) |
Enterprise | T1543 | .003 | Create or Modify System Process: Windows Service |
Industroyer can use an arbitrary system service to load at system boot for persistence and replaces the ImagePath registry value of a Windows service with a new backdoor binary.(Citation: Dragos Crashoverride 2017) |
Enterprise | T1499 | .004 | Endpoint Denial of Service: Application or System Exploitation |
Industroyer uses a custom DoS tool that leverages CVE-2015-5374 and targets hardcoded IP addresses of Siemens SIPROTEC devices.(Citation: ESET Industroyer) |
Enterprise | T1090 | .003 | Proxy: Multi-hop Proxy |
Industroyer used Tor nodes for C2.(Citation: Dragos Crashoverride 2017) |
Groups That Use This Software |
||
ID | Name | References |
---|---|---|
(Citation: ESET Industroyer) (Citation: Dragos Crashoverride 2018) |
||
G0034 | Sandworm Team |
(Citation: ESET Industroyer) (Citation: Dragos Crashoverride 2017) (Citation: Dragos Crashoverride 2018) (Citation: mandiant_apt44_unearthing_sandworm) (Citation: Secureworks IRON VIKING) |
References
- Anton Cherepanov. (2017, June 12). Win32/Industroyer: A new threat for industrial controls systems. Retrieved December 18, 2020.
- Dragos Inc.. (2017, June 13). CRASHOVERRIDE Analysis of the Threat to Electric Grid Operations. Retrieved December 18, 2020.
- Joe Slowik. (2018, October 12). Anatomy of an Attack: Detecting and Defeating CRASHOVERRIDE. Retrieved December 18, 2020.
- Roncone, G. et al. (n.d.). APT44: Unearthing Sandworm. Retrieved July 11, 2024.
- Secureworks. (2020, May 1). IRON VIKING Threat Profile. Retrieved June 10, 2020.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.