Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 14:26:01 UTC
Home > List all groups > List all tools > List all groups using tool SilverHawk
 Tool: SilverHawk
Names SilverHawk
Category Malware
Type Backdoor, Info stealer, Exfiltration
Description
(Lookout) App Capabilities:
• Record Audio
o Stream environment audio over raw socket when instructed
• Take photos with device camera
• Survival counter - failed server connections and it stops
• Retrieve files from external storage
o Top directory
o Downloads, Pictures, DCIM directories
o WhatsApp, Telegram, Viber, ShareIt content
o Files sent over Bluetooth
• File utility to copy, move, rename, and delete files
• Download attacker specified files
• Enumerate installed apps incl. date & time installed
• Attempt to execute attacker specified commands or binary as root
• Retrieve contacts and related data:
o Call logs
o Contacts
o Text Messages
• Location, direction, and acceleration of the device
• Remotely updateable C2 IP and port
• Hide Icon
• Device information
o Retrieve battery levels, WiFi and GPS status, storage and cellular carrier info
Information <https://i.blackhat.com/eu-18/Wed-Dec-5/eu-18-DelRosso-Under-the-SEA.pdf>
Last change to this tool card: 20 April 2020
Download this tool card in JSON format
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ec12d7cd-5480-4511-a333-2b0c4c26c65e
Page 1 of 2

All groups using tool SilverHawk
Changed Name Country Observed
APT groups
  Syrian Electronic Army (SEA), Deadeye Jackal 2011-Aug 2021
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ec12d7cd-5480-4511-a333-2b0c4c26c65e
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ec12d7cd-5480-4511-a333-2b0c4c26c65e
Page 2 of 2