Silence

SilenceWhisper Spider

[Silence](https://attack.mitre.org/groups/G0091) is a financially motivated threat actor targeting financial institutions in different countries. The group was first seen in June 2016. Their main targets reside in Russia, Ukraine, Belarus, Azerbaijan, Poland and Kazakhstan. They compromised various banking systems, including the Russian Central Bank's Automated Workstation Client, ATMs, and card processing.(Citation: Cyber Forensicator Silence Jan 2019)(Citation: SecureList Silence Nov 2017)

Techniques

Covered

Gaps

100%

Coverage

Coverage28/28

COVERED (28)

T1003.001LSASS Memory105 det.T1018Remote System Discovery46 det.T1021.001Remote Desktop Protocol51 det.T1027.010Command Obfuscation31 det.T1036.005Match Legitimate Resource Name or Location44 det.T1053.005Scheduled Task82 det.T1055Process Injection76 det.T1059.001PowerShell338 det.T1059.003Windows Command Shell79 det.T1059.005Visual Basic66 det.T1059.007JavaScript58 det.T1070.004File Deletion40 det.T1072Software Deployment Tools13 det.T1078Valid Accounts252 det.T1090.002External Proxy6 det.T1105Ingress Tool Transfer170 det.T1106Native API27 det.T1112Modify Registry197 det.T1113Screen Capture17 det.T1125Video Capture3 det.T1204.002Malicious File397 det.T1218.001Compiled HTML File13 det.T1547.001Registry Run Keys / Startup Folder50 det.T1553.002Code Signing3 det.T1566.001Spearphishing Attachment850 det.T1569.002Service Execution63 det.T1571Non-Standard Port16 det.T1588.002Tool13 det.