Nerex

Nerex is a Trojan used by Elderwood to open a backdoor on compromised hosts. [1] [2]

ID: S0210
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 18 April 2018
Last Modified: 17 October 2018

Techniques Used

Domain ID Name Use
Enterprise T1543 .003 Create or Modify System Process: Windows Service

Nerex creates a Registry subkey that registers a new service.[2]

Enterprise T1105 Ingress Tool Transfer

Nerex creates a backdoor through which remote attackers can download files onto a compromised host.[3]

Enterprise T1112 Modify Registry

Nerex creates a Registry subkey that registers a new service.[2]

Enterprise T1553 .002 Subvert Trust Controls: Code Signing

Nerex drops a signed Microsoft DLL to disk.[2]

Groups That Use This Software

ID Name References
G0066 Elderwood

[1]

References