
Threat Group Cards: A Threat Actor Encyclopedia

Tool: spwebmember

Names: spwebmember
Category: Tools
Type: Info stealer
Description: (NCC Group) spwebmember was written in Microsoft .NET and includes hardcoded values for client project names for data extraction. The tool would connect to the SQL SharePoint database and issue a query to dump all data from the database to a temporary file affixed with 'spdata'.
Information: <https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/march/apt15-is-alive-and-strong-an-analysis-of-royalcli-and-royaldns/>
MITRE ATT&CK: <https://attack.mitre.org/software/S0227/>

Last change to this tool card: 22 April 2020


All groups using tool spwebmember

Changed | Name | Country | Observed

APT groups

 | Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon | China | 2010-May 2020

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
