BloodHound

BloodHound is an Active Directory (AD) reconnaissance tool that can reveal hidden relationships and identify attack paths within an AD environment.(Citation: GitHub Bloodhound)(Citation: CrowdStrike BloodHound April 2018)(Citation: FoxIT Wocao December 2019)
ID: S0521
Type: TOOL
Platforms: Windows
Version: 1.6
Created: 28 Oct 2020
Last Modified: 25 Sep 2024

Techniques Used

Domain / ID / Name / Use

Enterprise T1087.001 Account Discovery: Local Account
BloodHound can identify users with local administrator rights.(Citation: CrowdStrike BloodHound April 2018)

Enterprise T1087.002 Account Discovery: Domain Account
BloodHound can collect information about domain users, including identification of domain admin accounts.(Citation: CrowdStrike BloodHound April 2018)

Enterprise T1059.001 Command and Scripting Interpreter: PowerShell
BloodHound can use PowerShell to pull Active Directory information from the target environment.(Citation: CrowdStrike BloodHound April 2018)

Enterprise T1069.001 Permission Groups Discovery: Local Groups
BloodHound can collect information about local groups and members.(Citation: CrowdStrike BloodHound April 2018)

Enterprise T1069.002 Permission Groups Discovery: Domain Groups
BloodHound can collect information about domain groups and members.(Citation: CrowdStrike BloodHound April 2018)
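The five techniques above reduce to two classes of query: LDAP reads of domain users and groups (T1087.002, T1069.002), and SAMR reads of a host's local groups (T1087.001, T1069.001), both driven from PowerShell (T1059.001). The script below is an added example written for this page, not code from the BloodHound project, and it does not reproduce BloodHound's own collectors. It issues the same classes of query with built-in ADSI so a defender can run it from a chosen host and see what that traffic and the resulting group graph look like; the group name in `$StartGroup` and the host in `$TargetHost` are assumptions to change for your environment.

```powershell
# Added example, not BloodHound's own code. Issues the same classes of query a
# BloodHound collector relies on, from a domain-joined Windows host, as any
# domain user, with no RSAT module required:
#   - T1087.002 / T1069.002: enumerate a domain group and expand nested groups
#   - T1087.001 / T1069.001: list members of a host's local Administrators group
# $StartGroup and $TargetHost are assumptions; adjust them for your environment.
param(
    [string]$StartGroup = 'Domain Admins',
    [string]$TargetHost = $env:COMPUTERNAME
)

# Escape the characters RFC 4515 reserves in LDAP filter values, so a group
# name taken from input cannot alter the filter. Backslash goes first.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    return ($Value -replace '\\', '\5c' -replace '\*', '\2a' `
                   -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00')
}

# Resolve a group's sAMAccountName to its distinguishedName in the default NC.
function Find-GroupDn {
    param([string]$SamAccountName)
    $rootDse  = [ADSI]'LDAP://RootDSE'
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]("LDAP://" + $rootDse.defaultNamingContext)
    $searcher.Filter = "(&(objectCategory=group)(sAMAccountName=$(ConvertTo-LdapFilterValue $SamAccountName)))"
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $hit = $searcher.FindOne()
    if (-not $hit) { throw "Group '$SamAccountName' not found" }
    return [string]$hit.Properties['distinguishedname'][0]
}

# Walk the 'member' attribute recursively. Nested groups are the "hidden
# relationships" a flat group listing misses; $Seen stops circular nesting.
function Expand-GroupMembers {
    param([string]$GroupDn, [hashtable]$Seen = @{}, [int]$Depth = 0)
    if ($Seen.ContainsKey($GroupDn)) { return }
    $Seen[$GroupDn] = $true
    $group = [ADSI]"LDAP://$GroupDn"
    foreach ($memberDn in @($group.member)) {
        $member = [ADSI]"LDAP://$memberDn"
        $class  = [string]($member.objectClass | Select-Object -Last 1)   # user, group, computer, ...
        $uac    = [int]($member.userAccountControl | Select-Object -First 1)
        [pscustomobject]@{
            Depth   = $Depth
            Group   = [string]$group.sAMAccountName
            Member  = [string]$member.sAMAccountName
            Class   = $class
            Enabled = -not ($uac -band 0x2)    # ADS_UF_ACCOUNTDISABLE; groups report True
        }
        if ($class -eq 'group') {
            Expand-GroupMembers -GroupDn $memberDn -Seen $Seen -Depth ($Depth + 1)
        }
    }
}

# Members of a host's local Administrators group via the WinNT provider
# (SAMR over SMB when $ComputerName is remote). Domain groups nested in the
# local group come back as groups; feed their DN to Expand-GroupMembers.
function Get-LocalAdministrators {
    param([string]$ComputerName)
    $local = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($m in @($local.psbase.Invoke('Members'))) {
        $t = $m.GetType()
        [pscustomobject]@{
            Computer = $ComputerName
            Member   = ([string]$t.InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)) -replace '^WinNT://', ''
            Class    = [string]$t.InvokeMember('Class', 'GetProperty', $null, $m, $null)
        }
    }
}

$startDn = Find-GroupDn -SamAccountName $StartGroup
Write-Host "Membership of $StartGroup ($startDn):"
Expand-GroupMembers -GroupDn $startDn | Format-Table Depth, Group, Member, Class, Enabled -AutoSize

Write-Host "Local Administrators on ${TargetHost}:"
Get-LocalAdministrators -ComputerName $TargetHost | Format-Table -AutoSize
```

Two caveats matter when comparing this with what a collector sees. Membership held only through a user's primary group (primaryGroupID) is not in the `member` attribute and will not appear here, and groups with more than the server's range limit (1500 members by default) need ranged retrieval of `member` that this example does not implement. On the detection side, the LDAP searches above run in the security context of the caller and leave no trace in the caller's event log; visibility comes from the domain controller (LDAP query logging, 4662 when auditing is configured) and from the SAMR/SMB connections the WinNT provider opens to each target host.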

Groups That Use This Software

ID Name References

(Citation: FoxIT Wocao December 2019)

G0102 Wizard Spider

(Citation: DHS/CISA Ransomware Targeting Healthcare October 2020) (Citation: FireEye KEGTAP SINGLEMALT October 2020) (Citation: Sophos New Ryuk Attack October 2020) (Citation: Mandiant FIN12 Oct 2021)

G0016 APT29

(Citation: ESET T3 Threat Report 2021)

G0114 Chimera

(Citation: Cycraft Chimera April 2020)

G0092 TA505

(Citation: NCC Group TA505)

G0116 Operation Wocao

(Citation: FoxIT Wocao December 2019)

G1040 Play

(Citation: Trend Micro Ransomware Spotlight Play July 2023)

G1003 Ember Bear

(Citation: CISA GRU29155 2024)

References

  1. Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020.
  2. Red Team Labs. (2018, April 24). Hidden Administrative Accounts: BloodHound to the Rescue. Retrieved October 28, 2020.
  3. Robbins, A., Vazarkar, R., and Schroeder, W. (2016, April 17). Bloodhound: Six Degrees of Domain Admin. Retrieved March 5, 2019.
  4. Kenefick, I. et al. (2022, October 12). Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike. Retrieved February 6, 2023.
  5. DHS/CISA. (2020, October 28). Ransomware Activity Targeting the Healthcare and Public Health Sector. Retrieved October 28, 2020.
  6. Goody, K., Kennelly, J., Shilko, J., Elovitz, S., Bienstock, D. (2020, October 28). Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser. Retrieved October 28, 2020.
  7. Gallagher, S., Mackenzie, P., Leite, E., Shahram, S., Kearney, B., Aijan, A., Gn, S., Mundalik, S. (2020, October 14). They’re back: inside a new Ryuk ransomware attack. Retrieved October 14, 2020.
  8. Shilko, J., et al. (2021, October 7). FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets. Retrieved June 15, 2023.
  9. ESET. (2022, February). THREAT REPORT T3 2021. Retrieved February 10, 2022.
  10. Cycraft. (2020, April 15). APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors. Retrieved August 24, 2020.
  11. Terefos, A. (2020, November 18). TA505: A Brief History of Their Time. Retrieved July 14, 2022.
  12. Trend Micro Research. (2023, July 21). Ransomware Spotlight: Play. Retrieved September 24, 2024.
  13. US Cybersecurity & Infrastructure Security Agency et al. (2024, September 5). Russian Military Cyber Actors Target U.S. and Global Critical Infrastructure. Retrieved September 6, 2024.