Shark
Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | Shark has the ability to use HTTP in C2 communications.(Citation: ClearSky Siamesekitten August 2021)(Citation: Accenture Lyceum Targets November 2021) |
| Enterprise | T1071.004 | Application Layer Protocol: DNS | Shark can use DNS in C2 communications.(Citation: ClearSky Siamesekitten August 2021)(Citation: Accenture Lyceum Targets November 2021) |
| Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | Shark has the ability to use `CMD` to execute commands.(Citation: ClearSky Siamesekitten August 2021)(Citation: Accenture Lyceum Targets November 2021) |
| Enterprise | T1568.002 | Dynamic Resolution: Domain Generation Algorithms | Shark can send DNS C2 communications using a unique domain generation algorithm.(Citation: ClearSky Siamesekitten August 2021)(Citation: Accenture Lyceum Targets November 2021) |
| Enterprise | T1070.004 | Indicator Removal: File Deletion | Shark can delete files downloaded to the compromised host.(Citation: ClearSky Siamesekitten August 2021) |
| Enterprise | T1036.005 | Masquerading: Match Legitimate Name or Location | Shark binaries have been named `audioddg.pdb` and `Winlangdb.pdb` in order to appear legitimate.(Citation: ClearSky Siamesekitten August 2021) |
| Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | Shark can use encrypted and encoded files for C2 configuration.(Citation: ClearSky Siamesekitten August 2021)(Citation: Accenture Lyceum Targets November 2021) |
| Enterprise | T1497.001 | Virtualization/Sandbox Evasion: System Checks | Shark can stop execution if the screen width of the targeted machine is not over 600 pixels.(Citation: ClearSky Siamesekitten August 2021) |
Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G1001 | HEXANE | (Citation: Accenture Lyceum Targets November 2021) (Citation: Kaspersky Lyceum October 2021) |
References

- Accenture. (2021, November 9). Who are latest targets of cyber group Lyceum? Retrieved June 16, 2022.
- ClearSky Cyber Security. (2021, August). New Iranian Espionage Campaign By "Siamesekitten" - Lyceum. Retrieved June 6, 2022.
- Kayal, A. et al. (2021, October). Lyceum Reborn: Counterintelligence in the Middle East. Retrieved June 14, 2022.