Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Chaes

Chaes is a multistage information stealer written in several programming languages that collects login credentials, credit card numbers, and other financial information. Chaes was first observed in 2020, and appears to primarily target victims in Brazil as well as other e-commerce customers in Latin America.(Citation: Cybereason Chaes Nov 2020)

ID: S0631

Type: MALWARE

Platforms: Windows

Version: 1.0

Created: 30 Jun 2021

Last Modified: 12 Oct 2021

Domain	ID		Name	Use
Techniques Used
Enterprise	T1071	.001	Application Layer Protocol: Web Protocols	Chaes has used HTTP for C2 communications.(Citation: Cybereason Chaes Nov 2020)
Enterprise	T1547	.001	Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder	Chaes has added persistence via the Registry key `software\microsoft\windows\currentversion\run\microsoft windows html help`.(Citation: Cybereason Chaes Nov 2020)
Enterprise	T1059	.003	Command and Scripting Interpreter: Windows Command Shell	Chaes has used cmd to execute tasks on the system.(Citation: Cybereason Chaes Nov 2020)
		.005	Command and Scripting Interpreter: Visual Basic	Chaes has used VBscript to execute malicious code.(Citation: Cybereason Chaes Nov 2020)
		.006	Command and Scripting Interpreter: Python	Chaes has used Python scripts for execution and the installation of additional files.(Citation: Cybereason Chaes Nov 2020)
		.007	Command and Scripting Interpreter: JavaScript	Chaes has used JavaScript and Node.Js information stealer script that exfiltrates data using the node process.(Citation: Cybereason Chaes Nov 2020)
Enterprise	T1555	.003	Credentials from Password Stores: Credentials from Web Browsers	Chaes can steal login credentials and stored financial information from the browser.(Citation: Cybereason Chaes Nov 2020)
Enterprise	T1132	.001	Data Encoding: Standard Encoding	Chaes has used Base64 to encode C2 communications.(Citation: Cybereason Chaes Nov 2020)
Enterprise	T1574	.001	Hijack Execution Flow: DLL Search Order Hijacking	Chaes has used search order hijacking to load a malicious DLL.(Citation: Cybereason Chaes Nov 2020)
Enterprise	T1036	.005	Masquerading: Match Legitimate Name or Location	Chaes has used an unsigned, crafted DLL module named `hha.dll` that was designed to look like a legitimate 32-bit Windows DLL.(Citation: Cybereason Chaes Nov 2020)
Enterprise	T1566	.001	Phishing: Spearphishing Attachment	Chaes has been delivered by sending victims a phishing email containing a malicious .docx file.(Citation: Cybereason Chaes Nov 2020)
Enterprise	T1218	.004	System Binary Proxy Execution: InstallUtil	Chaes has used Installutill to download content.(Citation: Cybereason Chaes Nov 2020)
		.007	System Binary Proxy Execution: Msiexec	Chaes has used .MSI files as an initial way to start the infection chain.(Citation: Cybereason Chaes Nov 2020)
Enterprise	T1204	.002	User Execution: Malicious File	Chaes requires the user to click on the malicious Word document to execute the next part of the attack.(Citation: Cybereason Chaes Nov 2020)

References

Salem, E. (2020, November 17). CHAES: Novel Malware Targeting Latin American E-Commerce. Retrieved June 30, 2021.

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

Chaes

Techniques Used

References