
Rancor

Rancor is a threat group that has led targeted campaigns against the South East Asia region. Rancor uses politically-motivated lures to entice victims to open malicious documents.[1]

ID: G0075
Version: 1.3
Created: 17 October 2018
Last Modified: 09 February 2024

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | Rancor has used HTTP for C2.[1] |
| Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | Rancor has used cmd.exe to execute commands.[1] |
| Enterprise | T1059.005 | Command and Scripting Interpreter: Visual Basic | Rancor has used VBS scripts as well as embedded macros for execution.[1] |
| Enterprise | T1546.003 | Event Triggered Execution: Windows Management Instrumentation Event Subscription | Rancor has compiled VBScript-generated MOF files into WMI event subscriptions for persistence.[2] |
| Enterprise | T1105 | Ingress Tool Transfer | Rancor has downloaded additional malware, including by using certutil.[1] |
| Enterprise | T1566.001 | Phishing: Spearphishing Attachment | Rancor has attached a malicious document to an email to gain initial access.[1] |
| Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | Rancor launched a scheduled task to gain persistence using the schtasks /create /sc command.[1] |
| Enterprise | T1218.007 | System Binary Proxy Execution: Msiexec | Rancor has used msiexec to download and execute malicious installer files over HTTP.[1] |
| Enterprise | T1204.002 | User Execution: Malicious File | Rancor attempted to get users to click on an embedded macro within a Microsoft Office Excel document to launch their malware.[1] |

Software

References
