SilverTerrier

SilverTerrier is a Nigerian threat group that has been observed to be active since 2014. SilverTerrier mainly targets organizations in high technology, higher education, and manufacturing.[1][2]

ID: G0083
Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1071 | Standard Application Layer Protocol | SilverTerrier uses SMTP, FTP, and HTTP for C2 communications.[1] |

Software

| ID | Name | References | Techniques |
|---|---|---|---|
| S0331 | Agent Tesla | [1] | Account Discovery, Clipboard Data, Data Encrypted, Disabling Security Tools, Exfiltration Over Alternative Protocol, Exploitation for Client Execution, Input Capture, Obfuscated Files or Information, Process Discovery, Registry Run Keys / Startup Folder, Remote File Copy, Screen Capture, Standard Application Layer Protocol, System Information Discovery, System Network Configuration Discovery, System Owner/User Discovery, System Time Discovery, Uncommonly Used Port, Video Capture |
| S0334 | DarkComet | [1] | Audio Capture, Clipboard Data, Command-Line Interface, Disabling Security Tools, Input Capture, Masquerading, Modify Registry, Process Discovery, Registry Run Keys / Startup Folder, Remote Desktop Protocol, Remote File Copy, Scripting, Software Packing, Standard Application Layer Protocol, System Information Discovery, System Owner/User Discovery, Video Capture |
| S0336 | NanoCore | [1] | Audio Capture, Command-Line Interface, Disabling Security Tools, Input Capture, Modify Registry, Obfuscated Files or Information, Registry Run Keys / Startup Folder, Remote File Copy, Scripting, Standard Cryptographic Protocol, System Network Configuration Discovery, Uncommonly Used Port, Video Capture |
| S0198 | NETWIRE | [1] | Code Signing, Input Capture, Registry Run Keys / Startup Folder, Screen Capture, System Information Discovery |

References