TRITON
This entry was deprecated as it was inadvertently added to Enterprise; a similar Software entry was created for ATT&CK for ICS.
TRITON is an attack framework built to interact with Triconex Safety Instrumented System (SIS) controllers. TRITON was deployed against at least one target in the Middle East. (Citation: FireEye TRITON 2017)(Citation: FireEye TRITON 2018)(Citation: Dragos TRISIS)(Citation: CISA HatMan)(Citation: FireEye TEMP.Veles 2018)
ID: S0609
Type: MALWARE
Platforms: Windows
Version: 1.0
Created: 11 Jan 2021
Last Modified: 27 Oct 2021
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059.006 | Command and Scripting Interpreter: Python | TRITON was run as trilog.exe, a Py2EXE compiled python script that accepts a single IP address as a flag.(Citation: FireEye TRITON 2017) |
Enterprise | T1036.005 | Masquerading: Match Legitimate Name or Location | TRITON disguised itself as the legitimate Triconex Trilog application.(Citation: FireEye TRITON 2017) |
Groups That Use This Software

ID | Name | References |
---|---|---|
G0088 | TEMP.Veles | (Citation: FireEye TEMP.Veles 2018) |
References
- Johnson, B., et al. (2017, December 14). Attackers Deploy New ICS Attack Framework "TRITON" and Cause Operational Disruption to Critical Infrastructure. Retrieved January 6, 2021.
- Miller, S., Reese, E. (2018, June 7). A Totally Tubular Treatise on TRITON and TriStation. Retrieved January 6, 2021.
- Dragos. (2017, December 13). TRISIS Malware Analysis of Safety System Targeted Malware. Retrieved January 6, 2021.
- CISA. (2019, February 27). MAR-17-352-01 HatMan-Safety System Targeted Malware. Retrieved January 6, 2021.
- FireEye Intelligence. (2018, October 23). TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers. Retrieved April 16, 2019.