SilverTerrier

SilverTerrier is a Nigerian threat group that has been observed to be active since 2014. SilverTerrier mainly targets organizations in high technology, higher education, and manufacturing.[1][2]

ID: G0083
Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1071 | Standard Application Layer Protocol | SilverTerrier uses SMTP, FTP, and HTTP for C2 communications.[1] |

Software

| ID | Name | References | Techniques |
|---|---|---|---|
| S0331 | Agent Tesla | [1] | Account Discovery, Clipboard Data, Data Encrypted, Disabling Security Tools, Exfiltration Over Alternative Protocol, Exploitation for Client Execution, Input Capture, Obfuscated Files or Information, Process Discovery, Registry Run Keys / Startup Folder, Remote File Copy, Screen Capture, Standard Application Layer Protocol, System Information Discovery, System Network Configuration Discovery, System Owner/User Discovery, System Time Discovery, Uncommonly Used Port, Video Capture |
| S0334 | DarkComet | [1] | Audio Capture, Clipboard Data, Command-Line Interface, Disabling Security Tools, Input Capture, Masquerading, Modify Registry, Process Discovery, Registry Run Keys / Startup Folder, Remote Desktop Protocol, Remote File Copy, Scripting, Software Packing, Standard Application Layer Protocol, System Information Discovery, System Owner/User Discovery, Video Capture |
| S0336 | NanoCore | [1] | Audio Capture, Command-Line Interface, Disabling Security Tools, Input Capture, Modify Registry, Obfuscated Files or Information, Registry Run Keys / Startup Folder, Remote File Copy, Scripting, Standard Cryptographic Protocol, System Network Configuration Discovery, Uncommonly Used Port, Video Capture |
| S0198 | NETWIRE | [1] | Code Signing, Input Capture, Registry Run Keys / Startup Folder, Screen Capture, System Information Discovery |

References