Malware: Daserf

Description

[Daserf](https://attack.mitre.org/software/S0187) is a backdoor that has been used to spy on and steal from Japanese, South Korean, Russian, Singaporean, and Chinese victims. Researchers have identified versions written in both Visual C and Delphi. (Citation: Trend Micro Daserf Nov 2017) (Citation: Secureworks BRONZE BUTLER Oct 2017)

External References

• mitre-attack
• Trend Micro Daserf Nov 2017
• Secureworks BRONZE BUTLER Oct 2017

Techniques Used by This Malware

• T1001.002 — Steganography
• T1003.001 — LSASS Memory
• T1027 — Obfuscated Files or Information
• T1027.002 — Software Packing
• T1027.005 — Indicator Removal from Tools
• T1036.005 — Match Legitimate Resource Name or Location
• T1056.001 — Keylogging
• T1059.003 — Windows Command Shell
• T1071.001 — Web Protocols
• T1105 — Ingress Tool Transfer
• T1113 — Screen Capture
• T1132.001 — Standard Encoding
• T1553.002 — Code Signing
• T1560 — Archive Collected Data
• T1560.001 — Archive via Utility
• T1573.001 — Symmetric Cryptography

APT Groups Using This Malware

• BRONZE BUTLER