Wiarp

Wiarp is a trojan used by Elderwood to open a backdoor on compromised hosts. [1] [2]

ID: S0206
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 18 April 2018
Last Modified: 06 January 2021

Techniques Used

Domain ID Name Use
Enterprise T1543.003 Create or Modify System Process: Windows Service

Wiarp creates a backdoor through which remote attackers can create a service.[2]

Enterprise T1059.003 Command and Scripting Interpreter: Windows Command Shell

Wiarp creates a backdoor through which remote attackers can open a command line interface.[2]

Enterprise T1105 Ingress Tool Transfer

Wiarp creates a backdoor through which remote attackers can download files.[2]

Enterprise T1055 Process Injection

Wiarp creates a backdoor through which remote attackers can inject files into running processes.[2]

Groups That Use This Software

ID Name References
G0066 Elderwood [1]

References