Introduction
SilverTerrier is a Nigerian threat group that has been observed to be active since 2014. SilverTerrier mainly targets organizations in high technology, higher education, and manufacturing. (Unit42 SilverTerrier 2018; Unit42 SilverTerrier 2016)
Activities and Tactics
Country of Origin: 🇳🇬 Nigeria
Risk Level: High
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
- T1071.003 Mail Protocols
- T1071.001 Web Protocols
- T1071.002 File Transfer Protocols
- T1657 Financial Theft
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- Virus RAT
- Predator Pain
- Pony
- KeyBase
- ISpySoftware
- ISR Stealer
- Agent Tesla
- LokiBot
- Zeus and Atmos
- NetWire
- DarkComet and NanoCore
MITRE ATT&CK Software
- NanoCore (S0336) — malware
- Agent Tesla (S0331) — malware
- NETWIRE (S0198) — malware
- DarkComet (S0334) — malware
- Lokibot (S0447) — malware
Attribution and Evidence
Country of Origin: Nigeria
Additional attribution information pending cataloguing.
References
[1] mitre-attack
[3] Unit42 SilverTerrier 2016: Renals, P., Conant, S. (2016). SILVERTERRIER: The Next Evolution in Nigerian Cybercrime. Retrieved November 13, 2018.
[4] Unit42 SilverTerrier 2018: Unit42. (2016). SILVERTERRIER: THE RISE OF NIGERIAN BUSINESS EMAIL COMPROMISE. Retrieved November 13, 2018.