สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency

Report

Home > List all groups > List all tools > List all groups using tool SilverHawk

Threat Group Cards: A Threat Actor Encyclopedia

Tool: SilverHawk

Names	SilverHawk
Category	Malware
Type	Backdoor, Info stealer, Exfiltration
Description	(Lookout) App Capabilities: • Record Audio o Stream environment audio over raw socket when instructed • Take photos with device camera • Survival counter - failed server connections and it stops • Retrieve files from external storage o Top directory o Downloads, Pictures, DCIM directories o WhatsApp, Telegram, Viber, ShareIt content o Files sent over Bluetooth • File utility to copy, move, rename, and delete files • Download attacker specified files • Enumerate installed apps incl. date & time installed • Attempt to execute attacker specified commands or binary as root • Retrieve contacts and related data: o Call logs o Contacts o Text Messages • Location, direction, and acceleration of the device • Remotely updateable C2 IP and port • Hide Icon • Device information o Retrieve battery levels, WiFi and GPS status, storage and cellular carrier info
Information	<https://i.blackhat.com/eu-18/Wed-Dec-5/eu-18-DelRosso-Under-the-SEA.pdf>

Last change to this tool card: 20 April 2020

Download this tool card in JSON format

Previous: SilkBean
Next: Silver Lambert

All groups using tool SilverHawk

Changed	Name	Country	Observed
APT groups
	Syrian Electronic Army (SEA), Deadeye Jackal		2011-Aug 2021

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Report incidents

+66 (0)2-123-1227

[email protected]