
Group5

Group5 is a threat group with a suspected Iranian nexus, though this attribution is not definite. The group has targeted individuals connected to the Syrian opposition via spearphishing and watering holes, normally using Syrian and Iranian themes. Group5 has used two commonly available remote access tools (RATs), njRAT and NanoCore, as well as an Android RAT, DroidJack.[1]

ID: G0043
Version: 1.3
Created: 31 May 2017
Last Modified: 11 April 2024

Techniques Used

Domain: Enterprise
ID: T1070.004
Name: Indicator Removal: File Deletion
Use: Malware used by Group5 is capable of remotely deleting files from victims.[1]

Domain: Enterprise
ID: T1056.001
Name: Input Capture: Keylogging
Use: Malware used by Group5 is capable of capturing keystrokes.[1]

Domain: Enterprise
ID: T1027.013
Name: Obfuscated Files or Information: Encrypted/Encoded File
Use: Group5 disguised its malicious binaries with several layers of obfuscation, including encrypting the files.[1]

Domain: Enterprise
ID: T1113
Name: Screen Capture
Use: Malware used by Group5 is capable of watching the victim's screen.[1]

Software

ID: S0336
Name: NanoCore
References: [1]
Techniques: Audio Capture, Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder, Command and Scripting Interpreter: Windows Command Shell, Command and Scripting Interpreter: Visual Basic, Encrypted Channel: Symmetric Cryptography, Impair Defenses: Disable or Modify System Firewall, Impair Defenses: Disable or Modify Tools, Ingress Tool Transfer, Input Capture: Keylogging, Modify Registry, Obfuscated Files or Information, System Network Configuration Discovery, Video Capture

ID: S0385
Name: njRAT
References: [1]
Techniques: Application Layer Protocol: Web Protocols, Application Window Discovery, Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder, Command and Scripting Interpreter: PowerShell, Command and Scripting Interpreter: Windows Command Shell, Credentials from Password Stores: Credentials from Web Browsers, Data Encoding: Standard Encoding, Data from Local System, Dynamic Resolution: Fast Flux DNS, Exfiltration Over C2 Channel, File and Directory Discovery, Impair Defenses: Disable or Modify System Firewall, Indicator Removal: File Deletion, Indicator Removal: Clear Persistence, Ingress Tool Transfer, Input Capture: Keylogging, Modify Registry, Native API, Non-Standard Port, Obfuscated Files or Information: Encrypted/Encoded File, Obfuscated Files or Information: Compile After Delivery, Peripheral Device Discovery, Process Discovery, Query Registry, Remote Services: Remote Desktop Protocol, Remote System Discovery, Replication Through Removable Media, Screen Capture, System Information Discovery, System Owner/User Discovery, Video Capture

References
