Silence
Also known as: Whisper Spider
Overview
Silence is a financially motivated threat actor targeting financial institutions in different countries. The group was first seen in June 2016. Their main targets reside in Russia, Ukraine, Belarus, Azerbaijan, Poland and Kazakhstan. They compromised various banking systems, including the Russian Central Bank's Automated Workstation Client, ATMs, and card processing.
TTPs — 28 techniques across 11 tactics
Resource Development
- T1588.002 Tool
Initial Access
- T1566.001 Spearphishing Attachment
Execution
- T1053.005 Scheduled Task
- T1059.001 PowerShell
- T1059.003 Windows Command Shell
- T1059.005 Visual Basic
- T1059.007 JavaScript
- T1072 Software Deployment Tools
- T1106 Native API
- T1204.002 Malicious File
- T1569.002 Service Execution
Persistence
- T1547.001 Registry Run Keys / Startup Folder
Stealth
- T1027.010 Command Obfuscation
- T1036.005 Match Legitimate Resource Name or Location
- T1055 Process Injection
- T1070.004 File Deletion
- T1078 Valid Accounts
- T1218.001 Compiled HTML File
Defense Impairment
- T1112 Modify Registry
- T1553.002 Code Signing
Credential Access
- T1003.001 LSASS Memory
Discovery
- T1018 Remote System Discovery
Lateral Movement
- T1021.001 Remote Desktop Protocol
Collection
- T1113 Screen Capture
- T1125 Video Capture
Command and Control
- T1090.002 External Proxy
- T1105 Ingress Tool Transfer
- T1571 Non-Standard Port
Tools & malware (3)
Empire · Winexe · SDelete