Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Meteor

Meteor is a wiper that was used against Iranian government organizations, including Iranian Railways, the Ministry of Roads, and Urban Development systems, in July 2021. Meteor is likely a newer version of similar wipers called Stardust and Comet that were reportedly used by a group called "Indra" since at least 2019 against private companies in Syria.(Citation: Check Point Meteor Aug 2021)

ID: S0688

Type: MALWARE

Platforms: Windows

Version: 1.0

Created: 07 Mar 2022

Last Modified: 14 Apr 2022

Domain	ID		Name	Use
Techniques Used
Enterprise	T1059	.001	Command and Scripting Interpreter: PowerShell	Meteor can use PowerShell commands to disable the network adapters on a victim machines.(Citation: Check Point Meteor Aug 2021)
		.003	Command and Scripting Interpreter: Windows Command Shell	Meteor can run `set.bat`, `update.bat`, `cache.bat`, `bcd.bat`, `msrun.bat`, and similar scripts.(Citation: Check Point Meteor Aug 2021)
Enterprise	T1491	.001	Defacement: Internal Defacement	Meteor can change both the desktop wallpaper and the lock screen image to a custom image.(Citation: Check Point Meteor Aug 2021)
Enterprise	T1484	.001	Domain Policy Modification: Group Policy Modification	Meteor can use group policy to push a scheduled task from the AD to all network machines.(Citation: Check Point Meteor Aug 2021)
Enterprise	T1564	.003	Hide Artifacts: Hidden Window	Meteor can hide its console window upon execution to decrease its visibility to a victim.(Citation: Check Point Meteor Aug 2021)
Enterprise	T1562	.001	Impair Defenses: Disable or Modify Tools	Meteor can attempt to uninstall Kaspersky Antivirus or remove the Kaspersky license; it can also add all files and folders related to the attack to the Windows Defender exclusion list.(Citation: Check Point Meteor Aug 2021)
Enterprise	T1070	.001	Indicator Removal: Clear Windows Event Logs	Meteor can use Wevtutil to remove Security, System and Application Event Viewer logs.(Citation: Check Point Meteor Aug 2021)
		.004	Indicator Removal: File Deletion	Meteor will delete the folder containing malicious scripts if it detects the hostname as `PIS-APP`, `PIS-MOB`, `WSUSPROXY`, or `PIS-DB`.(Citation: Check Point Meteor Aug 2021)
Enterprise	T1036	.004	Masquerading: Masquerade Task or Service	Meteor has been disguised as the Windows Power Efficiency Diagnostics report tool.(Citation: Check Point Meteor Aug 2021)
Enterprise	T1053	.005	Scheduled Task/Job: Scheduled Task	Meteor execution begins from a scheduled task named `Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeAll` and it creates a separate scheduled task called `mstask` to run the wiper only once at 23:55:00.(Citation: Check Point Meteor Aug 2021)
Enterprise	T1518	.001	Software Discovery: Security Software Discovery	Meteor has the ability to search for Kaspersky Antivirus on a victim's machine.(Citation: Check Point Meteor Aug 2021)

References

Check Point Research Team. (2021, August 14). Indra - Hackers Behind Recent Attacks on Iran. Retrieved February 17, 2022.

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

Meteor

Techniques Used

References