Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | |
Enterprise | T1560 | Archive Collected Data | |
Enterprise | T1123 | Audio Capture | |
Enterprise | T1119 | Automated Collection | VERMIN saves each collected file with the automatically generated format {{0:dd-MM-yyyy}}.txt.[1] |
Enterprise | T1115 | Clipboard Data | |
Enterprise | T1140 | Deobfuscate/Decode Files or Information | VERMIN decrypts code, strings, and commands to use once it's on the victim's machine.[1] |
Enterprise | T1070.004 | Indicator Removal on Host: File Deletion | |
Enterprise | T1105 | Ingress Tool Transfer | VERMIN can download and upload files to the victim's machine.[1] |
Enterprise | T1056.001 | Input Capture: Keylogging | |
Enterprise | T1027 | Obfuscated Files or Information | VERMIN is obfuscated using the obfuscation tool called ConfuserEx.[1] |
Enterprise | T1027.002 | Software Packing | |
Enterprise | T1057 | Process Discovery | VERMIN can get a list of the processes and running tasks on the system.[1] |
Enterprise | T1113 | Screen Capture | VERMIN can perform screen captures of the victim’s machine.[1] |
Enterprise | T1518.001 | Software Discovery: Security Software Discovery | VERMIN uses WMI to check for anti-virus software installed on the system.[1] |
Enterprise | T1082 | System Information Discovery | VERMIN collects the OS name, machine name, and architecture information.[1] |
Enterprise | T1016 | System Network Configuration Discovery | |
Enterprise | T1033 | System Owner/User Discovery | |