Threat Group-1314
Associated Group Descriptions
Name | Description |
---|---|
TG-1314 | (Citation: Dell TG-1314) |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | Threat Group-1314 actors spawned shells on remote systems on a victim network to execute commands.(Citation: Dell TG-1314) |
Enterprise | T1021.002 | Remote Services: SMB/Windows Admin Shares | Threat Group-1314 actors mapped network drives using |
Enterprise | T1078.002 | Valid Accounts: Domain Accounts | Threat Group-1314 actors used compromised domain credentials for the victim's endpoint management platform, Altiris, to move laterally.(Citation: Dell TG-1314) |
Software
ID | Name | References | Techniques |
---|---|---|---|
S0039 | Net | (Citation: Dell TG-1314) (Citation: Microsoft Net Utility) (Citation: Savill 1999) | Domain Account, Local Account, Domain Groups, System Service Discovery, Network Share Discovery, Additional Local or Domain Groups, SMB/Windows Admin Shares, Local Account, Domain Account, System Network Connections Discovery, Local Groups, Network Share Connection Removal, Password Policy Discovery, Remote System Discovery, Service Execution, System Time Discovery |
S0029 | PsExec | (Citation: Dell TG-1314) (Citation: Russinovich Sysinternals) (Citation: SANS PsExec) | Windows Service, SMB/Windows Admin Shares, Domain Account, Lateral Tool Transfer, Service Execution |