Cервис управления информационной безопасностью
Cервис управления информационной безопасностью
Вход Регистрация
MITRE ATT&CK - Инструмент Tasklist
CVE уязвимости
БДУ ФСТЭК уязвимости
НКЦКИ уязвимости
MITRE ATT&CK
БДУ ФСТЭК
Новая БДУ ФСТЭК
Риски
Каталоги
MITRE ATT&CK
Инструмент
Tasklist
Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.
Подробнее
Наш канал

Tasklist

The Tasklist utility displays a list of applications and services with their Process IDs (PID) for all tasks running on either a local or a remote computer. It is packaged with Windows operating systems and can be executed from the command-line interface. (Citation: Microsoft Tasklist)
ID: S0057
Type: TOOL
Platforms: Windows
Version: 1.2
Created: 31 May 2017
Last Modified: 12 Feb 2024

Techniques Used
Domain ID Name Use
Enterprise T1518 .001 Software Discovery: Security Software Discovery

Tasklist can be used to enumerate security software currently running on a system by process name of known products.(Citation: Microsoft Tasklist)

Groups That Use This Software
ID Name References
G1023 APT5

(Citation: Mandiant Pulse Secure Update May 2021)

G0016 APT29

(Citation: CISA SoreFang July 2016)

G0049 OilRig

(Citation: Palo Alto OilRig May 2016) (Citation: FireEye APT34 Dec 2017)

G0072 Honeybee

(Citation: McAfee Honeybee)

G0004 Ke3chang

(Citation: NCC Group APT15 Alive and Strong)

G1006 Earth Lusca

(Citation: TrendMicro EarthLusca 2022)

G1017 Volt Typhoon

(Citation: Secureworks BRONZE SILHOUETTE May 2023) (Citation: Joint Cybersecurity Advisory Volt Typhoon June 2023) (Citation: CISA AA24-038A PRC Critical Infrastructure February 2024)

G0006 APT1

(Citation: Mandiant APT1)

G0027 Threat Group-3390

(Citation: Trend Micro DRBControl February 2020)

G0009 Deep Panda

(Citation: Alperovitch 2014)

(Citation: Bitdefender FunnyDream Campaign November 2020)

(Citation: McAfee Honeybee)

G0010 Turla

(Citation: Kaspersky Turla)

G0019 Naikon

(Citation: Baumgartner Naikon 2015)

References

  1. Sherstobitoff, R. (2018, March 02). McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018.
  2. Microsoft. (n.d.). Tasklist. Retrieved December 23, 2015.
  3. Perez, D. et al. (2021, May 27). Re-Checking Your Pulse: Updates on Chinese APT Actors Compromising Pulse Secure VPN Devices. Retrieved February 5, 2024.
  4. CISA. (2020, July 16). MAR-10296782-1.v1 – SOREFANG. Retrieved September 29, 2020.
  5. Falcone, R. and Lee, B.. (2016, May 26). The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor. Retrieved May 3, 2017.
  6. Sardiwal, M, et al. (2017, December 7). New Targeted Attack in the Middle East by APT34, a Suspected Iranian Threat Group, Using CVE-2017-11882 Exploit. Retrieved December 20, 2017.
  7. Smallridge, R. (2018, March 10). APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS. Retrieved April 4, 2018.
  8. Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca’s Operations. Retrieved July 1, 2022.
  9. CISA et al.. (2024, February 7). PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure. Retrieved May 15, 2024.
  10. Counter Threat Unit Research Team. (2023, May 24). Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations. Retrieved July 27, 2023.
  11. NSA et al. (2023, May 24). People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection. Retrieved July 27, 2023.
  12. Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016.
  13. Lunghi, D. et al. (2020, February). Uncovering DRBControl. Retrieved November 12, 2021.
  14. Alperovitch, D. (2014, July 7). Deep in Thought: Chinese Targeting of National Security Think Tanks. Retrieved November 12, 2014.
  15. Vrabie, V. (2020, November). Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions. Retrieved September 19, 2022.
  16. Kaspersky Lab's Global Research and Analysis Team. (2014, August 7). The Epic Turla Operation: Solving some of the mysteries of Snake/Uroburos. Retrieved December 11, 2014.
  17. Baumgartner, K., Golovkin, M.. (2015, May). The MsnMM Campaigns: The Earliest Naikon APT Campaigns. Retrieved April 10, 2019.
Навигация

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.