ESET discovers Attor, a spy platform with curious GSM fingerprinting | WeLiveSecurity
Tags
cmtmf-attack-pattern: Automated Exfiltration Data Encrypted Masquerading Process Injection
country: Russia
attack-pattern:
Data Model Application Layer Protocol - T1437
Audio Capture - T1429
Clipboard Data - T1414
Commonly Used Port - T1436
Credentials - T1589.001
File And Directory Discovery - T1420
File Deletion - T1070.004
File Deletion - T1630.002
Hidden Files And Directories - T1564.001
Input Capture - T1417
Malware - T1587.001
Malware - T1588.001
Masquerading - T1655
System Information Discovery - T1426
Multi-Hop Proxy - T1090.003
Process Injection - T1631
Rundll32 - T1218.011
Scheduled Task - T1053.005
Screen Capture - T1513
Server - T1583.004
Server - T1584.004
Service Execution - T1569.002
Sms Messages - T1636.004
Software - T1592.002
Timestomp - T1070.006
Virtualization/Sandbox Evasion - T1497
Virtualization/Sandbox Evasion - T1633
Standard Application Layer Protocol - T1071
Audio Capture - T1123
Automated Collection - T1119
Automated Exfiltration - T1020
Logon Scripts - T1037
Clipboard Data - T1115
Commonly Used Port - T1043
Connection Proxy - T1090
Data Encrypted - T1022
Data Staged - T1074
Deobfuscate/Decode Files Or Information - T1140
Execution Through Api - T1106
Execution Through Module Load - T1129
Exfiltration Over Command And Control Channel - T1041
File And Directory Discovery - T1083
File Deletion - T1107
Hidden Files And Directories - T1158
Remote File Copy - T1105
Input Capture - T1056
Masquerading - T1036
Modify Registry - T1112
Multi-Hop Proxy - T1188
Multilayer Encryption - T1079
New Service - T1050
Peripheral Device Discovery - T1120
Process Injection - T1055
Redundant Access - T1108
Rundll32 - T1085
Scheduled Task - T1053
Screen Capture - T1113
Service Execution - T1035
Standard Cryptographic Protocol - T1032
System Information Discovery - T1082
Timestomp - T1099
Automated Collection
Commonly Used Port
Execution Through Api
Masquerading
Remote File Copy
Screen Capture
Standard Application Layer Protocol
Common Information
Type Value
UUID d4ef44a1-2b6e-4ac7-88dc-2c6a16bae626
Fingerprint de941c11005da282
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 10, 2019, 11:30 a.m.
Added to db Sept. 26, 2022, 9:30 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline ESET discovers Attor, a spy platform with curious GSM fingerprinting
Title ESET discovers Attor, a spy platform with curious GSM fingerprinting | WeLiveSecurity
Detected Hints/Tags/Attributes 139/3/41
Attributes
Type                      #Events  Value                              CTI Value
Domain                    2        mail.yandex
Domain                    246      mail.ru
Domain                    2        idayqh3zhj5j243t.onion
File                      33       tor.exe
File                      1018     rundll32.exe
IPv4                      1441     127.0.0.1
MITRE ATT&CK Techniques   239      T1106
MITRE ATT&CK Techniques   120      T1129
MITRE ATT&CK Techniques   27       T1085
MITRE ATT&CK Techniques   480      T1053
MITRE ATT&CK Techniques   39       T1035
MITRE ATT&CK Techniques   26       T1037
MITRE ATT&CK Techniques   36       T1050
MITRE ATT&CK Techniques   504      T1140
MITRE ATT&CK Techniques   67       T1107
MITRE ATT&CK Techniques   42       T1158
MITRE ATT&CK Techniques   348      T1036
MITRE ATT&CK Techniques   550      T1112
MITRE ATT&CK Techniques   440      T1055
MITRE ATT&CK Techniques   10       T1108
MITRE ATT&CK Techniques   12       T1099
MITRE ATT&CK Techniques   238      T1497
MITRE ATT&CK Techniques   152      T1056
MITRE ATT&CK Techniques   585      T1083
MITRE ATT&CK Techniques   188      T1120
MITRE ATT&CK Techniques   1006     T1082
MITRE ATT&CK Techniques   23       T1123
MITRE ATT&CK Techniques   111      T1119
MITRE ATT&CK Techniques   67       T1074
MITRE ATT&CK Techniques   219      T1113
MITRE ATT&CK Techniques   60       T1043
MITRE ATT&CK Techniques   7        T1188
MITRE ATT&CK Techniques   6        T1079
MITRE ATT&CK Techniques   492      T1105
MITRE ATT&CK Techniques   444      T1071
MITRE ATT&CK Techniques   23       T1032
MITRE ATT&CK Techniques   102      T1020
MITRE ATT&CK Techniques   28       T1022
MITRE ATT&CK Techniques   422      T1041
Windows Registry Key      14       HKEY_CURRENT_USER\Environment
Windows Registry Key      22       HKEY_LOCAL_MACHINE\SYSTEM