(Qihoo 360) The execution logic of ReZer0 is controlled by hard-coded built-in instructions. According to different instructions, different malicious functions are executed. Its design logic resembles the design method of backdoor programs. In the 360 massive data, we found that ReZer0 has an obvious version identification. In conjunction with the above-mentioned large number of instructions used, we speculate that the software is still in the development stage, and it will not be ruled out that the program will be controlled through network communication in the future. In addition to the nature of the backdoor virus, ReZer0 also carries known remote control Trojans such as {{NanoCore RAT}} and {{RemcosRAT}} in the resources.
| TA0043 | TA0042 | TA0001 | TA0002 | TA0003 | TA0004 | TA0005 | TA0006 | TA0007 | TA0008 | TA0009 | TA0011 | TA0010 | TA0040 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| IP:Port | Timestamp |
|---|
| Domain | Timestamp |
|---|
| URL | Timestamp |
|---|
Tool: ReZer0
Names: ReZer0
Description: (Qihoo 360) The execution logic of ReZer0 is controlled by hard-coded built-in instructions. According to different instructions, different malicious functions are executed. Its design logic resembles the design method of backdoor programs. In the 360 massive data, we found that ReZer0 has an obvious version identification. In conjunction with the above-mentioned large number of instructions used, we speculate that the software is still in the development stage, and it will not be ruled out that the program will be controlled through network communication in the future. In addition to the nature of the backdoor virus, ReZer0 also carries known remote control Trojans such as {{NanoCore RAT}} and {{RemcosRAT}} in the resources.
Category: Malware
Type: Backdoor
Information: https://blog.360totalsecurity.com/en/vendetta-new-threat-actor-from-europe/
Last-card-change: 2020-05-21
Source: https://apt.etda.or.th/cgi-bin/listtools.cgi
| TA0043 | TA0042 | TA0001 | TA0002 | TA0003 | TA0004 | TA0005 | TA0006 | TA0007 | TA0008 | TA0009 | TA0011 | TA0010 | TA0040 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |