Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

PittyTiger

PittyTiger is a threat group believed to operate out of China that uses multiple different types of malware to maintain command and control.(Citation: Bizeul 2014)(Citation: Villeneuve 2014)

ID: G0011

Associated Groups:

Version: 1.2

Created: 31 May 2017

Last Modified: 12 Oct 2021

Name	Description
Associated Group Descriptions

Domain	ID		Name	Use
Techniques Used
Enterprise	T1588	.002	Obtain Capabilities: Tool	PittyTiger has obtained and used tools such as Mimikatz and gsecdump.(Citation: Bizeul 2014)

ID	Name	References	Techniques
Software
S0010	Lurid	(Citation: Villeneuve 2011) (Citation: Villeneuve 2014)	Symmetric Cryptography, Archive Collected Data
S0032	gh0st RAT	(Citation: Arbor Musical Chairs Feb 2018) (Citation: Bizeul 2014) (Citation: FireEye Hacking Team) (Citation: Moudoor) (Citation: Mydoor) (Citation: Nccgroup Gh0st April 2018) (Citation: Novetta-Axiom) (Citation: Villeneuve 2014)	Shared Modules, Modify Registry, Ingress Tool Transfer, Process Injection, Rundll32, Service Execution, DLL Side-Loading, Command and Scripting Interpreter, Query Registry, Deobfuscate/Decode Files or Information, Symmetric Cryptography, Non-Application Layer Protocol, Native API, Process Discovery, Windows Service, Registry Run Keys / Startup Folder, Clear Windows Event Logs, System Information Discovery, File Deletion, Screen Capture, Fast Flux DNS, Keylogging, Standard Encoding, Encrypted Channel
S0002	Mimikatz	(Citation: Adsecurity Mimikatz Guide) (Citation: Bizeul 2014) (Citation: Deply Mimikatz)	DCSync, Credentials from Password Stores, Rogue Domain Controller, Private Keys, SID-History Injection, Security Support Provider, Pass the Hash, Account Manipulation, Pass the Ticket, Credentials from Web Browsers, Golden Ticket, Security Account Manager, LSASS Memory, Silver Ticket, Windows Credential Manager, Steal or Forge Authentication Certificates, LSA Secrets
S0008	gsecdump	(Citation: Bizeul 2014) (Citation: TrueSec Gsecdump)	Security Account Manager, LSA Secrets
S0012	PoisonIvy	(Citation: Breut) (Citation: Darkmoon) (Citation: FireEye Poison Ivy) (Citation: Novetta-Axiom) (Citation: Poison Ivy) (Citation: Symantec Darkmoon Aug 2005) (Citation: Symantec Darkmoon Sept 2014) (Citation: Symantec Elderwood Sept 2012) (Citation: Villeneuve 2014)	Windows Service, Modify Registry, Uncommonly Used Port, Registry Run Keys / Startup Folder, Obfuscated Files or Information, Keylogging, Active Setup, Dynamic-link Library Injection, Local Data Staging, Windows Command Shell, Ingress Tool Transfer, Symmetric Cryptography, Data from Local System, Application Window Discovery, Rootkit

References

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

PittyTiger

Associated Group Descriptions

Techniques Used

Software

References