S0210 Nerex

Nerex is a Trojan used by Elderwood to open a backdoor on compromised hosts. [1][2]

| Item | Value |
|---|---|
| ID | S0210 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 18 April 2018 |
| Last Modified | 06 January 2021 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1543 | Create or Modify System Process | - |
| enterprise | T1543.003 | Windows Service | Nerex creates a Registry subkey that registers a new service. [2] |
| enterprise | T1105 | Ingress Tool Transfer | Nerex creates a backdoor through which remote attackers can download files onto a compromised host. [3] |
| enterprise | T1112 | Modify Registry | Nerex creates a Registry subkey that registers a new service. [2] |
| enterprise | T1553 | Subvert Trust Controls | - |
| enterprise | T1553.002 | Code Signing | Nerex drops a signed Microsoft DLL to disk. [2] |

Groups That Use This Software

| ID | Name | References |
|---|---|---|
| G0066 | Elderwood | [1] |

References