Whitefly
Associated Group Descriptions

Name | Description |
---|---|
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1574.001 | Hijack Execution Flow: DLL Search Order Hijacking | Whitefly has used search order hijacking to run the loader Vcrodat. (Citation: Symantec Whitefly March 2019) |
Enterprise | T1036.005 | Masquerading: Match Legitimate Name or Location | Whitefly has named the malicious DLL the same name as DLLs belonging to legitimate software from various security vendors. (Citation: Symantec Whitefly March 2019) |
Enterprise | T1003.001 | OS Credential Dumping: LSASS Memory | Whitefly has used Mimikatz to obtain credentials. (Citation: Symantec Whitefly March 2019) |
Enterprise | T1588.002 | Obtain Capabilities: Tool | Whitefly has obtained and used tools such as Mimikatz. (Citation: Symantec Whitefly March 2019) |
Enterprise | T1204.002 | User Execution: Malicious File | Whitefly has used malicious .exe or .dll files disguised as documents or images. (Citation: Symantec Whitefly March 2019) |
Software

ID | Name | References | Techniques |
---|---|---|---|
S0002 | Mimikatz | (Citation: Adsecurity Mimikatz Guide) (Citation: Deply Mimikatz) (Citation: Symantec Whitefly March 2019) | DCSync, Credentials from Password Stores, Rogue Domain Controller, Private Keys, SID-History Injection, Security Support Provider, Pass the Hash, Account Manipulation, Pass the Ticket, Credentials from Web Browsers, Golden Ticket, Security Account Manager, LSASS Memory, Silver Ticket, Windows Credential Manager, Steal or Forge Authentication Certificates, LSA Secrets |