Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

PcShare

PcShare is an open source remote access tool that has been modified and used by Chinese threat actors, most notably during the FunnyDream campaign since late 2018.(Citation: Bitdefender FunnyDream Campaign November 2020)(Citation: GitHub PcShare 2014)

ID: S1050

Type: TOOL

Platforms: Windows

Version: 1.0

Created: 13 Oct 2022

Last Modified: 13 Oct 2022

Domain	ID		Name	Use
Techniques Used
Enterprise	T1071	.001	Application Layer Protocol: Web Protocols	PcShare has used HTTP for C2 communication.(Citation: Bitdefender FunnyDream Campaign November 2020)
Enterprise	T1059	.003	Command and Scripting Interpreter: Windows Command Shell	PcShare can execute `cmd` commands on a compromised host.(Citation: Bitdefender FunnyDream Campaign November 2020)
Enterprise	T1546	.015	Event Triggered Execution: Component Object Model Hijacking	PcShare has created the `HKCU\\Software\\Classes\\CLSID\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InprocServer32` Registry key for persistence.(Citation: Bitdefender FunnyDream Campaign November 2020)
Enterprise	T1070	.004	Indicator Removal: File Deletion	PcShare has deleted its files and components from a compromised host.(Citation: Bitdefender FunnyDream Campaign November 2020)
Enterprise	T1056	.001	Input Capture: Keylogging	PcShare has the ability to capture keystrokes.(Citation: Bitdefender FunnyDream Campaign November 2020)
Enterprise	T1036	.001	Masquerading: Invalid Code Signature	PcShare has used an invalid certificate in attempt to appear legitimate.(Citation: Bitdefender FunnyDream Campaign November 2020)
		.005	Masquerading: Match Legitimate Name or Location	PcShare has been named `wuauclt.exe` to appear as the legitimate Windows Update AutoUpdate Client.(Citation: Bitdefender FunnyDream Campaign November 2020)
Enterprise	T1218	.011	System Binary Proxy Execution: Rundll32	PcShare has used `rundll32.exe` for execution.(Citation: Bitdefender FunnyDream Campaign November 2020)

References

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

PcShare

Techniques Used

References