VERMIN is a remote access tool written in the Microsoft .NET framework. It is mostly composed of original code, but also has some open source code. [1]

ID: S0257
Platforms: Windows

Version: 1.0

Techniques Used

EnterpriseT1123Audio CaptureVERMIN can perform audio capture.[1]
EnterpriseT1119Automated CollectionVERMIN saves each collected file with the automatically generated format {0:dd-MM-yyyy}.txt .[1]
EnterpriseT1115Clipboard DataVERMIN collects data stored in the clipboard.[1]
EnterpriseT1022Data EncryptedVERMIN encrypts the collected files using 3-DES.[1]
EnterpriseT1140Deobfuscate/Decode Files or InformationVERMIN decrypts code, strings, and commands to use once it's on the victim's machine.[1]
EnterpriseT1107File DeletionVERMIN can delete files on the victim’s machine.[1]
EnterpriseT1056Input CaptureVERMIN collects keystrokes from the victim machine.[1]
EnterpriseT1027Obfuscated Files or InformationVERMIN is obfuscated using the obfuscation tool called ConfuserEx.[1]
EnterpriseT1057Process DiscoveryVERMIN can get a list of the processes and running tasks on the system.[1]
EnterpriseT1105Remote File CopyVERMIN can download and upload files to the victim's machine.[1]
EnterpriseT1113Screen CaptureVERMIN can perform screen captures of the victim’s machine.[1]
EnterpriseT1063Security Software DiscoveryVERMIN uses WMI to check for anti-virus software installed on the system.[1]
EnterpriseT1045Software PackingVERMIN is initially packed.[1]
EnterpriseT1071Standard Application Layer ProtocolVERMIN uses HTTP for C2 communications.[1]
EnterpriseT1082System Information DiscoveryVERMIN collects the OS name, machine name, and architecture information.[1]
EnterpriseT1016System Network Configuration DiscoveryVERMIN gathers the local IP address.[1]
EnterpriseT1033System Owner/User DiscoveryVERMIN gathers the username from the victim’s machine.[1]