CavalierGPT: The First Comprehensive Infostealers AI Bot - Try Now →

Created by: sharat87

Date created: 2022-12-19

Last edited: 2023-01-24

Description: Heatmap of instances of ATT&CK techniques for Erbium Stealer based on recent public CTI reporting (sources in notes for each technique).

Techniques (34)

  • Account Discovery

    ID: T1087

    Tactics: Discovery

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Code Signing

    ID: T1553.002

    Tactics: Defense Evasion

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Credentials from Web Browsers

    ID: T1555.003

    Tactics: Credential Access

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer, https://www.cyfirma.com/outofband/erbium-stealer-malware-report/

  • Credentials In Files

    ID: T1552.001

    Tactics: Credential Access

    Description: https://www.cyfirma.com/outofband/erbium-stealer-malware-report/

  • Data from Local System

    ID: T1005

    Tactics: Collection

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer,

    Erbium Stealer Malware Report

  • Debugger Evasion

    ID: T1622

    Tactics: Defense Evasion, Discovery

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Deobfuscate/Decode Files or Information

    ID: T1140

    Tactics: Defense Evasion

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Disable or Modify Tools

    ID: T1562.001

    Tactics: Defense Evasion

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Dynamic-link Library Injection

    ID: T1055.001

    Tactics: Privilege Escalation, Defense Evasion

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Encrypted Channel

    ID: T1573

    Tactics: Command and Control

    Description: https://www.cyfirma.com/outofband/erbium-stealer-malware-report/

  • Exfiltration Over C2 Channel

    ID: T1041

    Tactics: Exfiltration

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • File and Directory Discovery

    ID: T1083

    Tactics: Discovery

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Indirect Command Execution

    ID: T1202

    Tactics: Defense Evasion

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Malicious File

    ID: T1204.002

    Tactics: Execution

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Malicious Link

    ID: T1204.001

    Tactics: Execution

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Modify Registry

    ID: T1112

    Tactics: Defense Evasion

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Native API

    ID: T1106

    Tactics: Execution

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer,

    Erbium Stealer Malware Report

  • Network Service Discovery

    ID: T1046

    Tactics: Discovery

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Obfuscated Files or Information

    ID: T1027

    Tactics: Defense Evasion

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer,

    Erbium Stealer Malware Report

  • OS Credential Dumping

    ID: T1003

    Tactics: Credential Access

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Process Discovery

    ID: T1057

    Tactics: Discovery

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer,

    Erbium Stealer Malware Report

  • Process Hollowing

    ID: T1055.012

    Tactics: Privilege Escalation, Defense Evasion

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Reflective Code Loading

    ID: T1620

    Tactics: Defense Evasion

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Screen Capture

    ID: T1113

    Tactics: Collection

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Software Discovery

    ID: T1518

    Tactics: Discovery

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Spearphishing Attachment

    ID: T1566.001

    Tactics: Initial Access

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Steal Application Access Token

    ID: T1528

    Tactics: Credential Access

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Steal Web Session Cookie

    ID: T1539

    Tactics: Credential Access

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer,

    Erbium Stealer Malware Report

  • System Information Discovery

    ID: T1082

    Tactics: Discovery

    Description: https://www.cyfirma.com/outofband/erbium-stealer-malware-report/

  • System Owner/User Discovery

    ID: T1033

    Tactics: Discovery

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • System Time Discovery

    ID: T1124

    Tactics: Discovery

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Thread Execution Hijacking

    ID: T1055.003

    Tactics: Privilege Escalation, Defense Evasion

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Virtualization/Sandbox Evasion

    ID: T1497

    Tactics: Defense Evasion, Discovery

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

  • Web Protocols

    ID: T1071.001

    Tactics: Command and Control

    Description: https://blog.cluster25.duskrise.com/2022/09/15/erbium-stealer-a-new-infostealer

infostealers-logo

BE THE FIRST TO KNOW

Get FREE access to Cavalier GPT

Stay informed with the latest insights in our Infostealers weekly report.

Receive a notification if your email is involved in an Infostealer infection.

No Spam, We Promise

BE THE FIRST TO KNOW

Get FREE access to Cavalier GPT

Stay informed with the latest insights in our Infostealers weekly report.

Receive a notification if your email is involved in an Infostealer infection.

No Spam, We Promise