Currently viewing ATT&CK v8.2 which was live between October 27, 2020 and April 28, 2021. Learn more about the versioning system or see the live site.
SOFTWARE
Aria-body
SOFTWARE
1-9
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Y-Z
  1. Home
  2. Software
  3. Nerex

Nerex

Nerex is a Trojan used by Elderwood to open a backdoor on compromised hosts. [1] [2]

ID: S0210
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 18 April 2018
Last Modified: 17 October 2018
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1543 .003 Create or Modify System Process: Windows Service

Nerex creates a Registry subkey that registers a new service.[2]
Enterprise T1105 Ingress Tool Transfer

Nerex creates a backdoor through which remote attackers can download files onto a compromised host.[3]
Enterprise T1112 Modify Registry

Nerex creates a Registry subkey that registers a new service.[2]
Enterprise T1553 .002 Subvert Trust Controls: Code Signing

Nerex drops a signed Microsoft DLL to disk.[2]

Groups That Use This Software

ID Name References
G0066 Elderwood

[1]

References

  1. O'Gorman, G., and McDonald, G.. (2012, September 6). The Elderwood Project. Retrieved February 15, 2018.
  2. Ladley, F. (2012, May 15). Backdoor.Nerex. Retrieved February 23, 2018.
  1. Ladley, F. (2012, May 15). Backdoor.Ritsol. Retrieved February 23, 2018.