Group5
Group5 is a threat group with a suspected Iranian nexus, though this attribution is not definite. The group has targeted individuals connected to the Syrian opposition via spearphishing and watering holes, normally using Syrian and Iranian themes. Group5 has used two commonly available remote access tools (RATs), njRAT and NanoCore, as well as an Android RAT, DroidJack. [1]
ID: G0043
Version: 1.3
Created: 31 May 2017
Last Modified: 11 April 2024
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1113 | 屏幕捕获 |
Malware used by Group5 is capable of watching the victim's screen.[1] |
|
| Enterprise | T1027 | .013 | 混淆文件或信息: Encrypted/Encoded File |
Group5 disguised its malicious binaries with several layers of obfuscation, including encrypting the files.[1] |
| Enterprise | T1070 | .004 | 移除指标: File Deletion |
Malware used by Group5 is capable of remotely deleting files from victims.[1] |
| Enterprise | T1056 | .001 | 输入捕获: Keylogging |
Malware used by Group5 is capable of capturing keystrokes.[1] |