Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Snip3

Snip3 is a sophisticated crypter-as-a-service that has been used since at least 2021 to obfuscate and load numerous strains of malware including AsyncRAT, Revenge RAT, Agent Tesla, and NETWIRE.(Citation: Morphisec Snip3 May 2021)(Citation: Telefonica Snip3 December 2021)

ID: S1086

Type: MALWARE

Platforms: Windows

Created: 13 Sep 2023

Last Modified: 10 Oct 2023

Domain	ID		Name	Use
Techniques Used
Enterprise	T1547	.001	Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder	Snip3 can create a VBS file in startup to persist after system restarts.(Citation: Telefonica Snip3 December 2021)
Enterprise	T1059	.001	Command and Scripting Interpreter: PowerShell	Snip3 can use a PowerShell script for second-stage execution.(Citation: Morphisec Snip3 May 2021)(Citation: Telefonica Snip3 December 2021)
		.005	Command and Scripting Interpreter: Visual Basic	Snip3 can use visual basic scripts for first-stage execution.(Citation: Morphisec Snip3 May 2021)(Citation: Telefonica Snip3 December 2021)
Enterprise	T1564	.003	Hide Artifacts: Hidden Window	Snip3 can execute PowerShell scripts in a hidden window.(Citation: Morphisec Snip3 May 2021)
Enterprise	T1027	.001	Obfuscated Files or Information: Binary Padding	Snip3 can obfuscate strings using junk Chinese characters.(Citation: Morphisec Snip3 May 2021)
Enterprise	T1566	.001	Phishing: Spearphishing Attachment	Snip3 has been delivered to victims through malicious e-mail attachments.(Citation: Telefonica Snip3 December 2021)
		.002	Phishing: Spearphishing Link	Snip3 has been delivered to victims through e-mail links to malicious files.(Citation: Telefonica Snip3 December 2021)
Enterprise	T1055	.012	Process Injection: Process Hollowing	Snip3 can use RunPE to execute malicious payloads within a hollowed Windows process.(Citation: Morphisec Snip3 May 2021)(Citation: Telefonica Snip3 December 2021)
Enterprise	T1204	.001	User Execution: Malicious Link	Snip3 has been executed through luring victims into clicking malicious links.(Citation: Telefonica Snip3 December 2021)
		.002	User Execution: Malicious File	Snip3 can gain execution through the download of visual basic files.(Citation: Morphisec Snip3 May 2021)(Citation: Telefonica Snip3 December 2021)
Enterprise	T1497	.001	Virtualization/Sandbox Evasion: System Checks	Snip3 has the ability to detect Windows Sandbox, VMWare, or VirtualBox by querying `Win32_ComputerSystem` to extract the `Manufacturer` string.(Citation: Morphisec Snip3 May 2021)
		.003	Virtualization/Sandbox Evasion: Time Based Evasion	Snip3 can execute `WScript.Sleep` to delay execution of its second stage.(Citation: Morphisec Snip3 May 2021)

ID	Name	References
Groups That Use This Software
G1018	TA2541	(Citation: Proofpoint TA2541 February 2022) (Citation: Morphisec Snip3 May 2021)

References

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

Snip3

Techniques Used

Groups That Use This Software

References