Empire
Associated Software Descriptions

Name | Description |
---|---|
EmPyre | (Citation: Github PowerShell Empire) |

Groups That Use This Software

ID | Name | References |
---|---|---|
G0091 | Silence | (Citation: Group IB Silence Aug 2019) |
G0051 | FIN10 | (Citation: FireEye FIN10 June 2017) |
G0010 | Turla | (Citation: ESET Turla August 2018) (Citation: ESET Crutch December 2020) |
G0101 | Frankenstein | (Citation: Talos Frankenstein June 2019) |
G0090 | WIRTE | (Citation: Lab52 WIRTE Apr 2019) |
G0034 | Sandworm Team | (Citation: mandiant_apt44_unearthing_sandworm) |
G1040 | Play | (Citation: Trend Micro Ransomware Spotlight Play July 2023) |
G0065 | Leviathan | (Citation: CISA AA21-200A APT40 July 2021) |
G1016 | FIN13 | (Citation: Sygnia Elephant Beetle Jan 2022) |
G0073 | APT19 | (Citation: NCSC Joint Report Public Tools) |
G0119 | Indrik Spider | (Citation: Crowdstrike Indrik November 2018) |
G0052 | CopyKittens | (Citation: ClearSky Wilted Tulip July 2017) |
G1001 | HEXANE | (Citation: SecureWorks August 2019) |
G0096 | APT41 | (Citation: Crowdstrike GTR2020 Mar 2020) |
G0140 | LazyScripter | (Citation: MalwareBytes LazyScripter Feb 2021) |
G0069 | MuddyWater | (Citation: TrendMicro POWERSTATS V3 June 2019) |
G0064 | APT33 | (Citation: FireEye APT33 Guardrail) (Citation: Symantec Elfin Mar 2019) |
G0102 | Wizard Spider | (Citation: DHS/CISA Ransomware Targeting Healthcare October 2020) (Citation: CrowdStrike Grim Spider May 2019) (Citation: FireEye KEGTAP SINGLEMALT October 2020) (Citation: Mandiant FIN12 Oct 2021) |

References
- SecureWorks. (2019, August 27). LYCEUM Takes Center Stage in Middle East Campaign. Retrieved November 19, 2019.
- Schroeder, W., Warner, J., Nelson, M. (n.d.). Github PowerShellEmpire. Retrieved April 28, 2016.
- Robertson, K. (2015, April 2). Inveigh: Windows PowerShell ADIDNS/LLMNR/mDNS/NBNS spoofer/man-in-the-middle tool. Retrieved March 11, 2019.
- Stepanic, D. (2018, September 2). attck_empire: Generate ATT&CK Navigator layer file from PowerShell Empire agent logs. Retrieved March 11, 2019.
- Adamitis, D. et al. (2019, June 4). It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign. Retrieved May 11, 2020.
- Group-IB. (2019, August). Silence 2.0: Going Global. Retrieved May 5, 2020.
- The Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC) and the US National Cybersecurity and Communications Integration Center (NCCIC). (2018, October 11). Joint report on publicly available hacking tools. Retrieved March 11, 2019.