Skip to content

S0210 Nerex

Nerex is a Trojan used by Elderwood to open a backdoor on compromised hosts. 1 2

Item Value
ID S0210
Associated Names
Type MALWARE
Version 1.0
Created 18 April 2018
Last Modified 06 January 2021
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1543 Create or Modify System Process -
enterprise T1543.003 Windows Service Nerex creates a Registry subkey that registers a new service.2
enterprise T1105 Ingress Tool Transfer Nerex creates a backdoor through which remote attackers can download files onto a compromised host.3
enterprise T1112 Modify Registry Nerex creates a Registry subkey that registers a new service.2
enterprise T1553 Subvert Trust Controls -
enterprise T1553.002 Code Signing Nerex drops a signed Microsoft DLL to disk.2

Groups That Use This Software

ID Name References
G0066 Elderwood 1

References

  1. O’Gorman, G., and McDonald, G.. (2012, September 6). The Elderwood Project. Retrieved February 15, 2018. 

  2. Ladley, F. (2012, May 15). Backdoor.Nerex. Retrieved February 23, 2018. 

  3. Ladley, F. (2012, May 15). Backdoor.Ritsol. Retrieved February 23, 2018.