Threat Group-1314
Associated Group Descriptions |
|
| Name | Description |
|---|---|
| TG-1314 | (Citation: Dell TG-1314) |
Techniques Used |
||||
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
Threat Group-1314 actors spawned shells on remote systems on a victim network to execute commands.(Citation: Dell TG-1314) |
| Enterprise | T1021 | .002 | Remote Services: SMB/Windows Admin Shares |
Threat Group-1314 actors mapped network drives using |
| Enterprise | T1078 | .002 | Valid Accounts: Domain Accounts |
Threat Group-1314 actors used compromised domain credentials for the victim's endpoint management platform, Altiris, to move laterally.(Citation: Dell TG-1314) |
Software |
|||
| ID | Name | References | Techniques |
|---|---|---|---|
| S0039 | Net | (Citation: Dell TG-1314) (Citation: Microsoft Net Utility) (Citation: Savill 1999) | Password Policy Discovery, Domain Groups, System Time Discovery, Domain Account, Local Account, System Service Discovery, Remote System Discovery, Network Share Discovery, System Network Connections Discovery, Network Share Connection Removal, Service Execution, Local Account, Local Groups, SMB/Windows Admin Shares, Domain Account |
| S0029 | PsExec | (Citation: Dell TG-1314) (Citation: Russinovich Sysinternals) (Citation: SANS PsExec) | SMB/Windows Admin Shares, Windows Service, Lateral Tool Transfer, Service Execution, Domain Account |
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.