TA459

TA459 is a threat group believed to operate out of China that has targeted countries including Russia, Belarus, Mongolia, and others. (Citation: Proofpoint TA459 April 2017)
ID: G0062
Associated Groups: 
Version: 1.1
Created: 18 Apr 2018
Last Modified: 25 Apr 2025

Associated Group Descriptions

No associated groups are listed for this entry.

Techniques Used

Domain | ID | Name | Use
Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | TA459 has used PowerShell for execution of a payload. (Citation: Proofpoint TA459 April 2017)
Enterprise | T1059.005 | Command and Scripting Interpreter: Visual Basic | TA459 has used a VBScript for execution. (Citation: Proofpoint TA459 April 2017)
Enterprise | T1566.001 | Phishing: Spearphishing Attachment | TA459 has targeted victims using spearphishing emails with malicious Microsoft Word attachments. (Citation: Proofpoint TA459 April 2017)
Enterprise | T1204.002 | User Execution: Malicious File | TA459 has attempted to get victims to open malicious Microsoft Word attachments sent via spearphishing. (Citation: Proofpoint TA459 April 2017)

Software

ID | Name | References | Techniques
S0230 | ZeroT | (Citation: Proofpoint TA459 April 2017) (Citation: Proofpoint ZeroT Feb 2017) | Encrypted/Encoded File, Bypass User Account Control, Symmetric Cryptography, Windows Service, DLL, System Information Discovery, Deobfuscate/Decode Files or Information, Junk Code Insertion, System Network Configuration Discovery, Software Packing, Web Protocols, Ingress Tool Transfer, Steganography
S0013 | PlugX | (Citation: CIRCL PlugX March 2013) (Citation: Dell TG-3390) (Citation: DestroyRAT) (Citation: FireEye Clandestine Fox Part 2) (Citation: Kaba) (Citation: Korplug) (Citation: Lastline PlugX Analysis) (Citation: New DragonOK) (Citation: Novetta-Axiom) (Citation: Proofpoint TA459 April 2017) (Citation: Sogu) (Citation: TVT) (Citation: Thoper) | Screen Capture, Keylogging, DNS, Match Legitimate Resource Name or Location, Symmetric Cryptography, Windows Service, System Checks, DLL, Network Share Discovery, Native API, Deobfuscate/Decode Files or Information, Disable or Modify System Firewall, Modify Registry, File and Directory Discovery, Masquerade Task or Service, System Network Connections Discovery, Process Discovery, Multiband Communication, Registry Run Keys / Startup Folder, Non-Standard Port, Obfuscated Files or Information, Non-Application Layer Protocol, Query Registry, MSBuild, Windows Command Shell, Web Protocols, DLL Side-Loading, Ingress Tool Transfer, Hidden Files and Directories, Custom Command and Control Protocol, Dead Drop Resolver, Commonly Used Port
S0032 | gh0st RAT | (Citation: Arbor Musical Chairs Feb 2018) (Citation: FireEye Hacking Team) (Citation: Moudoor) (Citation: Mydoor) (Citation: Nccgroup Gh0st April 2018) (Citation: Novetta-Axiom) (Citation: Proofpoint TA459 April 2017) | Screen Capture, Rundll32, Standard Encoding, Keylogging, Shared Modules, Symmetric Cryptography, Windows Service, Fast Flux DNS, DLL, System Information Discovery, Native API, Deobfuscate/Decode Files or Information, Process Injection, Modify Registry, Clear Windows Event Logs, Command and Scripting Interpreter, Process Discovery, Registry Run Keys / Startup Folder, Encrypted Channel, Non-Application Layer Protocol, Query Registry, File Deletion, Ingress Tool Transfer, Service Execution
S0033 | NetTraveler | (Citation: Kaspersky NetTraveler) (Citation: Proofpoint TA459 April 2017) | Keylogging, Application Window Discovery