Openhunting Threat Library

NukeSped

NukeSped
(Type: Reconnaissance, Backdoor, Info stealer, Downloader)

(Fortinet) We have reverse-engineered the logic of the RAT and found many classical RAT features: • Iterate files in a folder • Create a process as another user • Iterate processes and modules • Terminate a process • Create a process • Write a file • Read a file • Connect to a remote host • Move a file<br >• Retrieve and launch additional payloads from the internet • Get information about installed disks, including the disk type and the amount of free space on the disk • Get the current directory • Change to a different directory • Remove itself and artifacts associated with it from the infected system

[News Analysis] Trends:

Total Trend: 0

Trend Per Year


Trend Per Month



[News Analysis] News Mention Another Threat Name:



[TTP Analysis] Technique Performance:



[TTP Analysis] Mitre Attack Matrix:

TA0043 TA0042 TA0001 TA0002 TA0003 TA0004 TA0005 TA0006 TA0007 TA0008 TA0009 TA0011 TA0010 TA0040
Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact


[Infrastructure Analysis] Based on Related IOC:

IP:Port Timestamp
Domain Timestamp
URL Timestamp


[Target Analysis] Region/Sector:

No information


References:

News Basic Information Indicator of Compromise Mitre Attack

Basic Information (Credit @etda.or.th)

Tool: NukeSped

Names: NukeSped

Description: (Fortinet) We have reverse-engineered the logic of the RAT and found many classical RAT features: • Iterate files in a folder • Create a process as another user • Iterate processes and modules • Terminate a process • Create a process • Write a file • Read a file • Connect to a remote host • Move a file
• Retrieve and launch additional payloads from the internet • Get information about installed disks, including the disk type and the amount of free space on the disk • Get the current directory • Change to a different directory • Remove itself and artifacts associated with it from the infected system

Category: Malware

Type: Reconnaissance, Backdoor, Info stealer, Downloader

Information: https://www.fortinet.com/blog/threat-research/deep-analysis-nukesped-rat.html

Alienvault-otx: https://otx.alienvault.com/browse/pulses?q=tag:nukesped

Last-card-change: 2020-04-20

Source: https://apt.etda.or.th/cgi-bin/listtools.cgi

TA0043 TA0042 TA0001 TA0002 TA0003 TA0004 TA0005 TA0006 TA0007 TA0008 TA0009 TA0011 TA0010 TA0040
Reconnaissance Resource Development Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Command and Control Exfiltration Impact