QuietSieve is an information stealer that has been used by Gamaredon Group since at least 2021.[1]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1005 | Data from Local System | QuietSieve can collect files from a compromised host.[1] |
| Enterprise | T1120 | Peripheral Device Discovery | QuietSieve can identify and search removable drives for specific file name extensions.[1] |
| Enterprise | T1113 | Screen Capture | QuietSieve has taken screenshots every five minutes and saved them to the user's local Application Data folder under |
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | QuietSieve can use HTTPS in C2 communications.[1] |
| Enterprise | T1083 | File and Directory Discovery | QuietSieve can search files on the target host by extension, including doc, docx, xls, rtf, odt, txt, jpg, pdf, rar, zip, and 7z.[1] |
| Enterprise | T1016.001 | System Network Configuration Discovery: Internet Connection Discovery | QuietSieve can check C2 connectivity with a |
| Enterprise | T1135 | Network Share Discovery | QuietSieve can identify and search networked drives for specific file name extensions.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | QuietSieve can download and execute payloads on a target host.[1] |
| Enterprise | T1564.003 | Hide Artifacts: Hidden Window | QuietSieve has the ability to execute payloads in a hidden window.[1] |
| ID | Name | References |
|---|---|---|
| G0047 | Gamaredon Group | |