| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1115 | Clipboard Data | |
| Enterprise | T1140 | Deobfuscate/Decode Files or Information | VERMIN decrypts code, strings, and commands to use once it's on the victim's machine.[1] |
| Enterprise | T1113 | Screen Capture | VERMIN can perform screen captures of the victim's machine.[1] |
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | |
| Enterprise | T1560 | Archive Collected Data | |
| Enterprise | T1027.002 | Obfuscated Files or Information: Software Packing | |
| Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | VERMIN is obfuscated using the obfuscation tool called ConfuserEx.[1] |
| Enterprise | T1070.004 | Indicator Removal: File Deletion | |
| Enterprise | T1082 | System Information Discovery | VERMIN collects the OS name, machine name, and architecture information.[1] |
| Enterprise | T1033 | System Owner/User Discovery | |
| Enterprise | T1016 | System Network Configuration Discovery | |
| Enterprise | T1119 | Automated Collection | VERMIN saves each collected file with the automatically generated format `{0:dd-MM-yyyy}.txt`.[1] |
| Enterprise | T1518.001 | Software Discovery: Security Software Discovery | VERMIN uses WMI to check for anti-virus software installed on the system.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | VERMIN can download and upload files to the victim's machine.[1] |
| Enterprise | T1056.001 | Input Capture: Keylogging | |
| Enterprise | T1057 | Process Discovery | VERMIN can get a list of the processes and running tasks on the system.[1] |
| Enterprise | T1123 | Audio Capture | |