
Threat Group Cards: A Threat Actor Encyclopedia

Tool: SilverHawk

Names: SilverHawk
Category: Malware
Type: Backdoor, Info stealer, Exfiltration
Description: (Lookout) App Capabilities:
• Record Audio
  o Stream environment audio over raw socket when instructed
• Take photos with device camera
• Survival counter - failed server connections and it stops
• Retrieve files from external storage
  o Top directory
  o Downloads, Pictures, DCIM directories
  o WhatsApp, Telegram, Viber, ShareIt content
  o Files sent over Bluetooth
• File utility to copy, move, rename, and delete files
• Download attacker specified files
• Enumerate installed apps incl. date & time installed
• Attempt to execute attacker specified commands or binary as root
• Retrieve contacts and related data:
  o Call logs
  o Contacts
  o Text Messages
• Location, direction, and acceleration of the device
• Remotely updateable C2 IP and port
• Hide Icon
• Device information
  o Retrieve battery levels, WiFi and GPS status, storage and cellular carrier info
Information: <https://i.blackhat.com/eu-18/Wed-Dec-5/eu-18-DelRosso-Under-the-SEA.pdf>

Last change to this tool card: 20 April 2020


All groups using tool SilverHawk

APT groups

Name                                          Country  Observed
Syrian Electronic Army (SEA), Deadeye Jackal  Syria    2011-May 2018

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
