VERMIN
ID: S0257
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.2
Created: 17 October 2018
Last Modified: 10 April 2024
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols | |
| Enterprise | T1560 | Archive Collected Data | ||
| Enterprise | T1123 | Audio Capture | ||
| Enterprise | T1119 | Automated Collection |
VERMIN saves each collected file with the automatically generated format {0:dd-MM-yyyy}.txt .[1] |
|
| Enterprise | T1115 | Clipboard Data | ||
| Enterprise | T1140 | Deobfuscate/Decode Files or Information |
VERMIN decrypts code, strings, and commands to use once it's on the victim's machine.[1] |
|
| Enterprise | T1070 | .004 | Indicator Removal: File Deletion | |
| Enterprise | T1105 | Ingress Tool Transfer |
VERMIN can download and upload files to the victim's machine.[1] |
|
| Enterprise | T1056 | .001 | Input Capture: Keylogging | |
| Enterprise | T1027 | .002 | Obfuscated Files or Information: Software Packing | |
| .013 | Obfuscated Files or Information: Encrypted/Encoded File |
VERMIN is obfuscated using the obfuscation tool called ConfuserEx.[1] |
||
| Enterprise | T1057 | Process Discovery |
VERMIN can get a list of the processes and running tasks on the system.[1] |
|
| Enterprise | T1113 | Screen Capture |
VERMIN can perform screen captures of the victim’s machine.[1] |
|
| Enterprise | T1518 | .001 | Software Discovery: Security Software Discovery |
VERMIN uses WMI to check for anti-virus software installed on the system.[1] |
| Enterprise | T1082 | System Information Discovery |
VERMIN collects the OS name, machine name, and architecture information.[1] |
|
| Enterprise | T1016 | System Network Configuration Discovery | ||
| Enterprise | T1033 | System Owner/User Discovery | ||