Orz
Associated Software Descriptions |
|
| Name | Description |
|---|---|
| AIRBREAK | (Citation: FireEye Periscope March 2018) |
Techniques Used |
||||
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1059 | .003 | Command and Scripting Interpreter: Windows Command Shell |
Orz can execute shell commands.(Citation: Proofpoint Leviathan Oct 2017) Orz can execute commands with JavaScript.(Citation: Proofpoint Leviathan Oct 2017) |
| Enterprise | T1055 | .012 | Process Injection: Process Hollowing |
Some Orz versions have an embedded DLL known as MockDll that uses process hollowing and Regsvr32 to execute another payload.(Citation: Proofpoint Leviathan Oct 2017) |
| Enterprise | T1218 | .010 | System Binary Proxy Execution: Regsvr32 |
Some Orz versions have an embedded DLL known as MockDll that uses Process Hollowing and regsvr32 to execute another payload.(Citation: Proofpoint Leviathan Oct 2017) |
| Enterprise | T1102 | .002 | Web Service: Bidirectional Communication |
Orz has used Technet and Pastebin web pages for command and control.(Citation: Proofpoint Leviathan Oct 2017) |
Groups That Use This Software |
||
| ID | Name | References |
|---|---|---|
| G0065 | Leviathan |
(Citation: Proofpoint Leviathan Oct 2017) (Citation: CISA AA21-200A APT40 July 2021) (Citation: Accenture MUDCARP March 2019) |
References
- Axel F, Pierre T. (2017, October 16). Leviathan: Espionage actor spearphishes maritime and defense targets. Retrieved February 15, 2018.
- FireEye. (2018, March 16). Suspected Chinese Cyber Espionage Group (TEMP.Periscope) Targeting U.S. Engineering and Maritime Industries. Retrieved April 11, 2018.
- CISA. (2021, July 19). (AA21-200A) Joint Cybersecurity Advisory – Tactics, Techniques, and Procedures of Indicted APT40 Actors Associated with China’s MSS Hainan State Security Department. Retrieved August 12, 2021.
- Accenture iDefense Unit. (2019, March 5). Mudcarp's Focus on Submarine Technologies. Retrieved August 24, 2021.
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.