Associated Groups: ProjectSauron
Created: 31 May 2017
Last Modified: 29 June 2020
Associated Group Descriptions
|Name|Description|
|---|---|
|ProjectSauron|ProjectSauron is used to refer both to the threat group also known as G0041 and to the malware platform also known as S0125.|
|Domain|ID|Name|Use|
|---|---|---|---|
|Enterprise|T1564.005|Hide Artifacts: Hidden File System| |
|Enterprise|T1556.002|Modify Authentication Process: Password Filter DLL|Strider has registered its persistence module on domain controllers as a Windows LSA (Local Security Authority) password filter to acquire credentials any time a domain, local user, or administrator logs in or changes a password.|
|Enterprise|T1090.001|Proxy: Internal Proxy| |
- Symantec Security Response. (2016, August 7). Strider: Cyberespionage group turns eye of Sauron on targets. Retrieved August 17, 2016.
- Kaspersky Lab's Global Research & Analysis Team. (2016, August 8). ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms. Retrieved August 17, 2016.