Axiom
Associated Group Descriptions |
|
Name | Description |
---|---|
Group 72 | (Citation: Cisco Group 72) |
Techniques Used |
||||
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1583 | .002 | Acquire Infrastructure: DNS Server |
Axiom has acquired dynamic DNS services for use in the targeting of intended victims.(Citation: Novetta-Axiom) |
.003 | Acquire Infrastructure: Virtual Private Server |
Axiom has used VPS hosting providers in targeting of intended victims.(Citation: Novetta-Axiom) |
||
Enterprise | T1584 | .005 | Compromise Infrastructure: Botnet |
Axiom has used large groups of compromised machines for use as proxy nodes.(Citation: Novetta-Axiom) |
Enterprise | T1001 | .002 | Data Obfuscation: Steganography |
Axiom has used steganography to hide its C2 communications.(Citation: Novetta-Axiom) |
Enterprise | T1546 | .008 | Event Triggered Execution: Accessibility Features |
Axiom actors have been known to use the Sticky Keys replacement within RDP sessions to obtain persistence.(Citation: Novetta-Axiom) |
Enterprise | T1563 | .002 | Remote Service Session Hijacking: RDP Hijacking |
Axiom has targeted victims with remote administration tools including RDP.(Citation: Novetta-Axiom) |
Enterprise | T1021 | .001 | Remote Services: Remote Desktop Protocol |
Axiom has used RDP during operations.(Citation: Novetta-Axiom) |
References
- Novetta. (n.d.). Operation SMN: Axiom Threat Actor Group Report. Retrieved November 12, 2014.
- Allievi, A., et al. (2014, October 28). Threat Spotlight: Group 72, Opening the ZxShell. Retrieved September 24, 2019.
- Esler, J., Lee, M., and Williams, C. (2014, October 14). Threat Spotlight: Group 72. Retrieved January 14, 2016.
- Kaspersky Lab's Global Research and Analysis Team. (2013, April 11). Winnti. More than just a game. Retrieved February 8, 2017.
- Novetta Threat Research Group. (2015, April 7). Winnti Analysis. Retrieved February 8, 2017.
- Tarakanov, D. (2015, June 22). Games are over: Winnti is now targeting pharmaceutical companies. Retrieved January 14, 2016.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.