ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool Remsec

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Remsec

NamesRemsec
CategoryMalware
TypeBackdoor, Info stealer, Exfiltration, Tunneling
Description(Kaspersky) Remsec is particularly interested in gaining access to encrypted communications, hunting them down using an advanced modular cyber-espionage platform that incorporates a set of unique tools and techniques. The most noteworthy feature of Remsec’s tactics is the deliberate avoidance of patterns: Remsec customizes its implants and infrastructure for each individual target, and never reuses them. This approach, coupled with multiple routes for the exfiltration of stolen data, such as legitimate email channels and DNS, enables Remsec to conduct secretive, long-term spying campaigns in target networks.

Remsec gives the impression of being an experienced and traditional actor that has put considerable effort into learning from other extremely advanced actors, including Duqu, Flame, Equation and Regin; adopting some of their most innovative techniques and improving on their tactics in order to remain undiscovered.
Information<https://www.kaspersky.com/about/press-releases/2016_remsec-top-level-espionage-platform-covertly-extracts-encrypted-government-comms>
MITRE ATT&CK<https://attack.mitre.org/software/S0125/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.remsec_strider>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:remsec>

Last change to this tool card: 23 April 2020

Download this tool card in JSON format

All groups using tool Remsec

ChangedNameCountryObserved

APT groups

 Strider, ProjectSauronUSA2011 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key