Silence

SilenceWhisper Spider

[Silence](https://attack.mitre.org/groups/G0091) is a financially motivated threat actor targeting financial institutions in different countries. The group was first seen in June 2016. Their main targets reside in Russia, Ukraine, Belarus, Azerbaijan, Poland and Kazakhstan. They compromised various banking systems, including the Russian Central Bank's Automated Workstation Client, ATMs, and card processing.(Citation: Cyber Forensicator Silence Jan 2019)(Citation: SecureList Silence Nov 2017)

Techniques

Covered

Gaps

100%

Coverage

Coverage28/28

COVERED (28)

T1003.001LSASS Memory111 det.T1018Remote System Discovery50 det.T1021.001Remote Desktop Protocol53 det.T1027.010Command Obfuscation38 det.T1036.005Match Legitimate Resource Name or Location44 det.T1053.005Scheduled Task99 det.T1055Process Injection79 det.T1059.001PowerShell368 det.T1059.003Windows Command Shell82 det.T1059.005Visual Basic68 det.T1059.007JavaScript61 det.T1070.004File Deletion42 det.T1072Software Deployment Tools13 det.T1078Valid Accounts280 det.T1090.002External Proxy6 det.T1105Ingress Tool Transfer183 det.T1106Native API29 det.T1112Modify Registry203 det.T1113Screen Capture18 det.T1125Video Capture3 det.T1204.002Malicious File425 det.T1218.001Compiled HTML File14 det.T1547.001Registry Run Keys / Startup Folder53 det.T1553.002Code Signing3 det.T1566.001Spearphishing Attachment905 det.T1569.002Service Execution64 det.T1571Non-Standard Port16 det.T1588.002Tool13 det.