Tor
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1573.002 | Encrypted Channel: Asymmetric Cryptography | Tor encapsulates traffic in multiple layers of encryption, using TLS by default.(Citation: Dingledine Tor The Second-Generation Onion Router) |
Enterprise | T1090.003 | Proxy: Multi-hop Proxy | Traffic traversing the Tor network will be forwarded to multiple nodes before exiting the Tor network and continuing on to its intended destination.(Citation: Dingledine Tor The Second-Generation Onion Router) |

Groups That Use This Software

ID | Name | References |
---|---|---|
G1032 | INC Ransom | (Citation: Secureworks GOLD IONIC April 2024) (Citation: SentinelOne INC Ransomware) (Citation: SOCRadar INC Ransom January 2024) |
 | | (Citation: FoxIT Wocao December 2019) |
 | | (Citation: BlackBerry CostaRicto November 2020) |
G0007 | APT28 | (Citation: Cybersecurity Advisory GRU Brute Force Campaign July 2021) |
G0016 | APT29 | (Citation: Mandiant No Easy Breach) |
G0065 | Leviathan | (Citation: CISA AA21-200A APT40 July 2021) |

References
- Roger Dingledine, Nick Mathewson and Paul Syverson. (2004). Tor: The Second-Generation Onion Router. Retrieved December 21, 2017.
- Counter Threat Unit Research Team. (2024, April 15). GOLD IONIC DEPLOYS INC RANSOMWARE. Retrieved June 5, 2024.
- SentinelOne. (n.d.). What Is Inc. Ransomware?. Retrieved June 5, 2024.
- SOCRadar. (2024, January 24). Dark Web Profile: INC Ransom. Retrieved June 5, 2024.
- Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020.
- The BlackBerry Research and Intelligence Team. (2020, November 12). The CostaRicto Campaign: Cyber-Espionage Outsourced. Retrieved May 24, 2021.
- NSA, CISA, FBI, NCSC. (2021, July). Russian GRU Conducting Global Brute Force Campaign to Compromise Enterprise and Cloud Environments. Retrieved July 26, 2021.
- Dunwoody, M. and Carr, N. (2016, September 27). No Easy Breach DerbyCon 2016. Retrieved September 12, 2024.
- CISA. (2021, July 19). (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department. Retrieved August 12, 2021.