Rubeus
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1558.001 | Steal or Forge Kerberos Tickets: Golden Ticket | Rubeus can forge a ticket-granting ticket.(Citation: GitHub Rubeus March 2023) |
Enterprise | T1558.002 | Steal or Forge Kerberos Tickets: Silver Ticket | Rubeus can create silver tickets.(Citation: GitHub Rubeus March 2023) |
Enterprise | T1558.003 | Steal or Forge Kerberos Tickets: Kerberoasting | Rubeus can use the `KerberosRequestorSecurityToken.GetRequest` method to request kerberoastable service tickets.(Citation: GitHub Rubeus March 2023) |
Enterprise | T1558.004 | Steal or Forge Kerberos Tickets: AS-REP Roasting | Rubeus can reveal the credentials of accounts that have Kerberos pre-authentication disabled through AS-REP roasting.(Citation: GitHub Rubeus March 2023)(Citation: DFIR Ryuk's Return October 2020)(Citation: DFIR Ryuk 2 Hour Speed Run November 2020) |

Groups That Use This Software

ID | Name | References |
---|---|---|
G0102 | Wizard Spider | (Citation: Mandiant FIN12 Oct 2021) |

References
- Harmj0y. (n.d.). Rubeus. Retrieved March 29, 2023.
- Kimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock. (2020, October 28). Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser. Retrieved October 28, 2020.
- The DFIR Report. (2020, November 5). Ryuk Speed Run, 2 Hours to Ransom. Retrieved November 6, 2020.
- The DFIR Report. (2020, October 8). Ryuk’s Return. Retrieved October 9, 2020.
- Shilko, J., et al. (2021, October 7). FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets. Retrieved June 15, 2023.