
Turian

Turian is a backdoor that has been used by BackdoorDiplomacy to target Ministries of Foreign Affairs, telecommunication companies, and charities in Africa, Europe, the Middle East, and Asia. First reported in 2021, Turian is likely related to Quarian, an older backdoor that was last observed being used in 2013 against diplomatic targets in Syria and the United States.(Citation: ESET BackdoorDiplomacy Jun 2021)
ID: S0647
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 21 Sep 2021
Last Modified: 18 Oct 2021

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

Turian has the ability to use HTTP for its C2.(Citation: ESET BackdoorDiplomacy Jun 2021)

Enterprise T1560 .001 Archive Collected Data: Archive via Utility

Turian can use WinRAR to create a password-protected archive for files of interest.(Citation: ESET BackdoorDiplomacy Jun 2021)

Enterprise T1547 .001 Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Turian can establish persistence by adding Registry Run keys.(Citation: ESET BackdoorDiplomacy Jun 2021)

Enterprise T1059 .003 Command and Scripting Interpreter: Windows Command Shell

Turian can create a remote shell and execute commands using cmd.(Citation: ESET BackdoorDiplomacy Jun 2021)

Enterprise T1059 .004 Command and Scripting Interpreter: Unix Shell

Turian has the ability to use /bin/sh to execute commands.(Citation: ESET BackdoorDiplomacy Jun 2021)

Enterprise T1059 .006 Command and Scripting Interpreter: Python

Turian has the ability to use Python to spawn a Unix shell.(Citation: ESET BackdoorDiplomacy Jun 2021)

Enterprise T1001 .001 Data Obfuscation: Junk Data

Turian can insert pseudo-random characters into its network encryption setup.(Citation: ESET BackdoorDiplomacy Jun 2021)

Enterprise T1074 .001 Data Staged: Local Data Staging

Turian can store copied files in a specific directory prior to exfiltration.(Citation: ESET BackdoorDiplomacy Jun 2021)

Enterprise T1036 .004 Masquerading: Masquerade Task or Service

Turian can disguise itself as a legitimate service to blend into normal operations.(Citation: ESET BackdoorDiplomacy Jun 2021)
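
Three of the techniques in the table above (Registry Run key persistence, password-protected WinRAR archives, and cmd.exe spawned by the backdoor) leave process-creation and registry telemetry that a Sysmon-style pipeline can match on. The following is an added detection example written for this page; it is not code from ESET, MITRE, or the Turian samples. The events it runs over are constructed in a Sysmon-like JSON shape (Event ID 1 ProcessCreate, Event ID 13 RegistryEvent value set), and every path, process name, and command line in them is invented for illustration rather than a Turian indicator.

```python
"""Detection logic for three of the Turian techniques above, run over
constructed Sysmon-style events (added example, not ESET or MITRE code)."""
import re
from typing import Any, Dict, List, Optional, Tuple

Event = Dict[str, Any]

# Constructed sample telemetry in a Sysmon-like JSON shape. The paths,
# names and command lines are invented for illustration, not Turian IOCs.
SAMPLE_EVENTS: List[Event] = [
    # Sysmon 13 (RegistryEvent: value set): Run value pointing into %APPDATA%
    {"EventID": 13,
     "Image": r"C:\Users\alice\AppData\Roaming\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Roaming\svchost.exe"},
    # Sysmon 1 (ProcessCreate): Rar.exe with a password switch (-hp also encrypts headers)
    {"EventID": 1,
     "Image": r"C:\Program Files\WinRAR\Rar.exe",
     "CommandLine": r'"C:\Program Files\WinRAR\Rar.exe" a -r -hpS3cret C:\Users\alice\AppData\Local\Temp\out.rar C:\Users\alice\Documents\*.docx',
     "ParentImage": r"C:\Users\alice\AppData\Roaming\svchost.exe"},
    # Sysmon 1: cmd.exe spawned by a binary living in a user-writable directory
    {"EventID": 1,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami & ipconfig /all",
     "ParentImage": r"C:\Users\alice\AppData\Roaming\svchost.exe"},
    # Benign: interactive cmd.exe started from Explorer
    {"EventID": 1,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    # Benign: an installer under Program Files registers a Run value
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
]

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
# Locations an unprivileged user can write to; a Run value or a parent
# process living here deserves a look.
USER_WRITABLE_RE = re.compile(
    r"^C:\\Users\\[^\\]+\\(?:AppData|Downloads|Desktop|Documents)\\"
    r"|^C:\\ProgramData\\"
    r"|^C:\\Windows\\Temp\\", re.IGNORECASE)


def detect_run_key_persistence(ev: Event) -> Optional[str]:
    """T1547.001: Run/RunOnce value whose target (or writer) sits in a user-writable path."""
    if ev.get("EventID") != 13 or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return None
    if USER_WRITABLE_RE.match(ev.get("Details", "")) or USER_WRITABLE_RE.match(ev.get("Image", "")):
        return "T1547.001"
    return None


def detect_rar_password_archive(ev: Event) -> Optional[str]:
    """T1560.001: Rar.exe/WinRAR.exe invoked with -p<pwd> or -hp<pwd> (password-protected archive)."""
    if ev.get("EventID") != 1:
        return None
    if not ev.get("Image", "").lower().endswith(("\\rar.exe", "\\winrar.exe")):
        return None
    for token in ev.get("CommandLine", "").split():
        low = token.lower()
        if low == "-p-":          # "-p-" means "do not prompt for a password", not a password
            continue
        if low.startswith(("-p", "-hp")):
            return "T1560.001"
    return None


def detect_cmd_from_suspicious_parent(ev: Event) -> Optional[str]:
    """T1059.003: cmd.exe whose parent process runs from a user-writable directory."""
    if ev.get("EventID") != 1 or not ev.get("Image", "").lower().endswith("\\cmd.exe"):
        return None
    if USER_WRITABLE_RE.match(ev.get("ParentImage", "")):
        return "T1059.003"
    return None


DETECTORS = (detect_run_key_persistence, detect_rar_password_archive,
             detect_cmd_from_suspicious_parent)


def triage(events: List[Event]) -> List[Tuple[str, int, str]]:
    """Return (technique, event index, image) for every event that trips a detector."""
    hits: List[Tuple[str, int, str]] = []
    for idx, ev in enumerate(events):
        for detector in DETECTORS:
            technique = detector(ev)
            if technique:
                hits.append((technique, idx, ev.get("Image", "")))
    return hits


if __name__ == "__main__":
    for technique, idx, image in triage(SAMPLE_EVENTS):
        print(f"{technique}  event#{idx}  {image}")
```

Two caveats when running this against real telemetry: an archive created through the WinRAR GUI carries no -p/-hp switch on the command line, so the T1560.001 rule only catches the console invocation the report describes, and the Run-key rule deliberately ignores values written from Program Files, so a backdoor that has gained write access there would need a separate rule (for example one keyed on the writing process rather than the path). Because Turian stages copied files in a directory before exfiltration (T1074.001), pairing the Rar.exe detection with file-write events into that staging location tightens both rules.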

Groups That Use This Software

ID Name References
G0135 BackdoorDiplomacy

(Citation: ESET BackdoorDiplomacy Jun 2021)
