Movatterモバイル変換

Home
Software
QuietSieve

QuietSieve

QuietSieve is an information stealer that has been used byGamaredon Group since at least 2021.^[1]

ID: S0686

ⓘ

Type: MALWARE

ⓘ

Platforms: Windows

Version: 1.0

Created: 18 February 2022

Last Modified: 16 April 2025

Version Permalink

Enterprise Layer

Techniques Used

Domain	ID		Name	Use
Enterprise	T1071	.001	Application Layer Protocol:Web Protocols	QuietSieve can use HTTPS in C2 communications.^[1]
Enterprise	T1005		Data from Local System	QuietSieve can collect files from a compromised host.^[1]
Enterprise	T1083		File and Directory Discovery	QuietSieve can search files on the target host by extension, including doc, docx, xls, rtf, odt, txt, jpg, pdf, rar, zip, and 7z.^[1]
Enterprise	T1564	.003	Hide Artifacts:Hidden Window	QuietSieve has the ability to execute payloads in a hidden window.^[1]
Enterprise	T1105		Ingress Tool Transfer	QuietSieve can download and execute payloads on a target host.^[1]
Enterprise	T1135		Network Share Discovery	QuietSieve can identify and search networked drives for specific file name extensions.^[1]
Enterprise	T1120		Peripheral Device Discovery	QuietSieve can identify and search removable drives for specific file name extensions.^[1]
Enterprise	T1113		Screen Capture	QuietSieve has taken screenshots every five minutes and saved them to the user's local Application Data folder under`Temp\SymbolSourceSymbols\icons` or`Temp\ModeAuto\icons`.^[1]
Enterprise	T1016	.001	System Network Configuration Discovery:Internet Connection Discovery	QuietSieve can check C2 connectivity with a`ping` to 8.8.8.8 (Google public DNS).^[1]

Groups That Use This Software

ID	Name	References
G0047	Gamaredon Group	^[1]

References

Microsoft Threat Intelligence Center. (2022, February 4). ACTINIUM targets Ukrainian organizations. Retrieved February 18, 2022.

×

[8]ページ先頭

©2009-2026 Movatter.jp