QUIETCANARY is a backdoor tool written in .NET that has been used since at least 2022 to gather and exfiltrate data from victim networks.[1]
| Name | Description |
|---|---|
| Tunnus | |

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1573.001 | Encrypted Channel: Symmetric Cryptography | QUIETCANARY can RC4 encrypt C2 communications.[1] |
| Enterprise | T1140 | Deobfuscate/Decode Files or Information | QUIETCANARY can use a custom parsing routine to decode the command codes and additional parameters from the C2 before executing them.[1] |
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | QUIETCANARY can use HTTPS for C2 communications.[1] |
| Enterprise | T1074 | Data Staged | QUIETCANARY has the ability to stage data prior to exfiltration.[1] |
| Enterprise | T1132.001 | Data Encoding: Standard Encoding | QUIETCANARY can base64 encode C2 communications.[1] |
| Enterprise | T1106 | Native API | QUIETCANARY can call |
| Enterprise | T1012 | Query Registry | QUIETCANARY has the ability to retrieve information from the Registry.[1] |
| Enterprise | T1016 | System Network Configuration Discovery | QUIETCANARY can identify the default proxy setting on a compromised host.[1] |
| Enterprise | T1564.003 | Hide Artifacts: Hidden Window | QUIETCANARY can execute processes in a hidden window.[1] |

| ID | Name | Description |
|---|---|---|
| C0026 | C0026 | During C0026, the threat actors used QUIETCANARY to gather and exfiltrate data.[1] |