Куда я попал?

SECURITM это SGRC система, автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.

Подробнее

Leafminer

Leafminer is an Iranian threat group that has targeted government organizations and business entities in the Middle East since at least early 2017. (Citation: Symantec Leafminer July 2018)

ID: G0077

Associated Groups: Raspite

Version: 2.3

Created: 17 Oct 2018

Last Modified: 12 Oct 2021

Name	Description
Associated Group Descriptions
Raspite	(Citation: Dragos Raspite Aug 2018)

Domain	ID		Name	Use
Techniques Used
Enterprise	T1110	.003	Brute Force: Password Spraying	Leafminer used a tool called Total SMB BruteForcer to perform internal password spraying.(Citation: Symantec Leafminer July 2018)
Enterprise	T1059	.007	Command and Scripting Interpreter: JavaScript	Leafminer infected victims using JavaScript code.(Citation: Symantec Leafminer July 2018)
Enterprise	T1136	.001	Create Account: Local Account	Leafminer used a tool called Imecab to set up a persistent remote access account on the victim machine.(Citation: Symantec Leafminer July 2018)
Enterprise	T1555	.003	Credentials from Password Stores: Credentials from Web Browsers	Leafminer used several tools for retrieving login and password information, including LaZagne.(Citation: Symantec Leafminer July 2018)
Enterprise	T1114	.002	Email Collection: Remote Email Collection	Leafminer used a tool called MailSniper to search through the Exchange server mailboxes for keywords.(Citation: Symantec Leafminer July 2018)
Enterprise	T1003	.001	OS Credential Dumping: LSASS Memory	Leafminer used several tools for retrieving login and password information, including LaZagne and Mimikatz.(Citation: Symantec Leafminer July 2018)
		.004	OS Credential Dumping: LSA Secrets	Leafminer used several tools for retrieving login and password information, including LaZagne.(Citation: Symantec Leafminer July 2018)
		.005	OS Credential Dumping: Cached Domain Credentials	Leafminer used several tools for retrieving login and password information, including LaZagne.(Citation: Symantec Leafminer July 2018)
Enterprise	T1588	.002	Obtain Capabilities: Tool	Leafminer has obtained and used tools such as LaZagne, Mimikatz, PsExec, and MailSniper.(Citation: Symantec Leafminer July 2018)
Enterprise	T1055	.013	Process Injection: Process Doppelgänging	Leafminer has used Process Doppelgänging to evade security software while deploying tools on compromised systems.(Citation: Symantec Leafminer July 2018)
Enterprise	T1552	.001	Unsecured Credentials: Credentials In Files	Leafminer used several tools for retrieving login and password information, including LaZagne.(Citation: Symantec Leafminer July 2018)

ID	Name	References	Techniques
Software
S0413	MailSniper	(Citation: GitHub MailSniper) (Citation: Symantec Leafminer July 2018)	Remote Email Collection, Password Spraying, Email Account
S0002	Mimikatz	(Citation: Adsecurity Mimikatz Guide) (Citation: Deply Mimikatz) (Citation: Symantec Leafminer July 2018)	DCSync, Credentials from Password Stores, Rogue Domain Controller, Private Keys, SID-History Injection, Security Support Provider, Pass the Hash, Account Manipulation, Pass the Ticket, Credentials from Web Browsers, Golden Ticket, Security Account Manager, LSASS Memory, Silver Ticket, Windows Credential Manager, Steal or Forge Authentication Certificates, LSA Secrets
S0349	LaZagne	(Citation: GitHub LaZagne Dec 2018) (Citation: Symantec Leafminer July 2018)	Credentials In Files, Windows Credential Manager, LSA Secrets, /etc/passwd and /etc/shadow, Credentials from Web Browsers, LSASS Memory, Cached Domain Credentials, Credentials from Password Stores, Keychain, Proc Filesystem
S0029	PsExec	(Citation: Russinovich Sysinternals) (Citation: SANS PsExec) (Citation: Symantec Leafminer July 2018)	SMB/Windows Admin Shares, Windows Service, Lateral Tool Transfer, Service Execution, Domain Account

References

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.

Leafminer

Associated Group Descriptions

Techniques Used

Software

References