
Encrypted Channel: Asymmetric Cryptography

Adversaries may employ a known asymmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Asymmetric cryptography, also known as public key cryptography, uses a keypair per party: one public that can be freely distributed, and one private. Due to how the keys are generated, the sender encrypts data with the receiver’s public key and the receiver decrypts the data with their private key. This ensures that only the intended recipient can read the encrypted data. Common public key encryption algorithms include RSA and ElGamal. For efficiency, many protocols (including SSL/TLS) use symmetric cryptography once a connection is established, but use asymmetric cryptography to establish or transmit a key. As such, these protocols are classified as Asymmetric Cryptography.

ID: T1573.002
Sub-technique of: T1573
Tactic(s): Command and Control
Platforms: Linux, macOS, Network, Windows
Data Sources: Network Traffic: Network Traffic Content
Version: 1.1
Created: 16 Mar 2020
Last Modified: 26 Dec 2023

Procedure Examples

Name / Description
SombRAT

SombRAT can SSL encrypt C2 traffic.(Citation: BlackBerry CostaRicto November 2020)(Citation: FireEye FiveHands April 2021)(Citation: CISA AR21-126A FIVEHANDS May 2021)

Uroburos

Uroburos has used a combination of a Diffie-Hellman key exchange mixed with a pre-shared key (PSK) to encrypt its top layer of C2 communications.(Citation: Joint Cybersecurity Advisory AA23-129A Snake Malware May 2023)

Cyclops Blink

Cyclops Blink can encrypt C2 messages with AES-256-CBC sent underneath TLS. OpenSSL library functions are also used to encrypt each message using a randomly generated key and IV, which are then encrypted using a hard-coded RSA public key.(Citation: NCSC Cyclops Blink February 2022)

PITSTOP

PITSTOP has the ability to communicate over TLS.(Citation: Mandiant Cutting Edge Part 3 February 2024)

TA2541

TA2541 has used TLS encrypted C2 communications including for campaigns using AsyncRAT.(Citation: Cisco Operation Layover September 2021)

Operation Wocao

During Operation Wocao, threat actors' proxy implementation "Agent" upgraded the socket in use to a TLS socket.(Citation: FoxIT Wocao December 2019)

Metamorfo

Metamorfo's C2 communication has been encrypted using OpenSSL.(Citation: Medium Metamorfo Apr 2020)

Sykipot

Sykipot uses SSL for encrypting C2 communications.(Citation: Blasco 2013)

Bazar

Bazar can use TLS in C2 communications.(Citation: Zscaler Bazar September 2020)

TinyTurla

TinyTurla has the ability to encrypt C2 traffic with SSL/TLS.(Citation: Talos TinyTurla September 2021)

LunarWeb

LunarWeb can send short C2 commands, up to 512 bytes, encrypted with RSA-4096.(Citation: ESET Turla Lunar toolset May 2024)

SodaMaster

SodaMaster can use a hardcoded RSA key to encrypt some of its C2 traffic.(Citation: Securelist APT10 March 2021)

ComRAT

ComRAT can use SSL/TLS encryption for its HTTP-based C2 channel. ComRAT has used public key cryptography with RSA and AES encrypted email attachments for its Gmail C2 channel.(Citation: ESET ComRAT May 2020)(Citation: CISA ComRAT Oct 2020)

REvil

REvil has encrypted C2 communications with the ECIES algorithm.(Citation: Kaspersky Sodin July 2019)

Gazer

Gazer uses custom encryption for C2 that uses RSA.(Citation: ESET Gazer Aug 2017)(Citation: Securelist WhiteBear Aug 2017)

Pay2Key

Pay2Key has used RSA encrypted communications with C2.(Citation: Check Point Pay2Key November 2020)

Grandoreiro

Grandoreiro can use SSL in C2 communication.(Citation: IBM Grandoreiro April 2020)

Pupy

Pupy's default encryption for its C2 communication channel is SSL, but it also has transport options for RSA and AES.(Citation: GitHub Pupy)

ServHelper

ServHelper may set up a reverse SSH tunnel to give the attacker access to services running on the victim, such as RDP.(Citation: Proofpoint TA505 Jan 2019)

Mythic

Mythic supports SSL encrypted C2.(Citation: Mythc Documentation)

GrimAgent

GrimAgent can use a hardcoded server public RSA key to encrypt the first request to C2.(Citation: Group IB GrimAgent July 2021)

Attor

Attor's Blowfish key is encrypted with a public RSA key.(Citation: ESET Attor Oct 2019)

Doki

Doki has used the embedTLS library for network communications.(Citation: Intezer Doki July 20)

Dridex

Dridex has encrypted traffic with RSA.(Citation: Kaspersky Dridex May 2017)

WellMess

WellMess can communicate to C2 with mutual TLS where client and server mutually check certificates.(Citation: PWC WellMess July 2020)(Citation: PWC WellMess C2 August 2020)(Citation: CISA WellMess July 2020)(Citation: NCSC APT29 July 2020)

Tropic Trooper

Tropic Trooper has used SSL to connect to C2 servers.(Citation: TrendMicro Tropic Trooper Mar 2018)(Citation: TrendMicro Tropic Trooper May 2020)

Small Sieve

Small Sieve can use SSL/TLS for its HTTPS Telegram Bot API-based C2 channel.(Citation: DHS CISA AA22-055A MuddyWater February 2022)

Versa Director Zero Day Exploitation

Versa Director Zero Day Exploitation used HTTPS for command and control of compromised Versa Director servers.(Citation: Lumen Versa 2024)

LITTLELAMB.WOOLTEA

LITTLELAMB.WOOLTEA can communicate over SSL using the private key from the Ivanti Connect Secure web server.(Citation: Mandiant Cutting Edge Part 3 February 2024)

Carbon

Carbon has used RSA encryption for C2 communications.(Citation: Accenture HyperStack October 2020)

Tor

Tor encapsulates traffic in multiple layers of encryption, using TLS by default.(Citation: Dingledine Tor The Second-Generation Onion Router)

FRP

FRP can be configured to only accept TLS connections.(Citation: FRP GitHub)

GoldMax

GoldMax has RSA-encrypted its communication with the C2 server.(Citation: MSTIC NOBELIUM Mar 2021)

Sliver

Sliver can use mutual TLS and RSA cryptography to exchange a session key.(Citation: Cybersecurity Advisory SVR TTP May 2021)(Citation: Bishop Fox Sliver Framework August 2019)(Citation: GitHub Sliver Encryption)

RedCurl

RedCurl has used HTTPS for C2 communication.(Citation: group-ib_redcurl1)(Citation: group-ib_redcurl2)

Woody RAT

Woody RAT can use RSA-4096 to encrypt data sent to its C2 server.(Citation: MalwareBytes WoodyRAT Aug 2022)

GreyEnergy

GreyEnergy encrypts communications using RSA-2048.(Citation: ESET GreyEnergy Oct 2018)

BADHATCH

BADHATCH can beacon to a hardcoded C2 IP address using TLS encryption every 5 minutes.(Citation: Gigamon BADHATCH Jul 2019)

DarkWatchman

DarkWatchman can use TLS to encrypt its C2 channel.(Citation: Prevailion DarkWatchman 2021)

COATHANGER

COATHANGER connects to command and control infrastructure using SSL.(Citation: NCSC-NL COATHANGER Feb 2024)

Trojan.Karagany

Trojan.Karagany can secure C2 communications with SSL and TLS.(Citation: Secureworks Karagany July 2019)

OilRig

OilRig used the Plink utility and other tools to create tunnels to C2 servers.(Citation: FireEye APT34 Webinar Dec 2017)

Penquin

Penquin can encrypt communications using the BlowFish algorithm and a symmetric key exchanged with Diffie Hellman.(Citation: Leonardo Turla Penquin May 2020)

Machete

Machete has used TLS-encrypted FTP to exfiltrate data.(Citation: Cylance Machete Mar 2017)

Cobalt Strike

Cobalt Strike can use RSA asymmetric encryption with PKCS1 padding to encrypt data sent to the C2 server.(Citation: Talos Cobalt Strike September 2020)

Volgmer

Some Volgmer variants use SSL to encrypt C2 communications.(Citation: US-CERT Volgmer Nov 2017)

Hi-Zor

Hi-Zor encrypts C2 traffic with TLS.(Citation: Fidelis Hi-Zor)

StrongPity

StrongPity has encrypted C2 traffic using SSL/TLS.(Citation: Talos Promethium June 2020)

Rising Sun

Rising Sun variants can use SSL for encrypting C2 communications.(Citation: Bleeping Computer Op Sharpshooter March 2019)

POSHSPY

POSHSPY encrypts C2 traffic with AES and RSA.(Citation: FireEye POSHSPY April 2017)

XTunnel

XTunnel uses SSL/TLS and RC4 to encrypt traffic.(Citation: Invincea XTunnel)(Citation: ESET Sednit Part 2)

C0021

During C0021, the threat actors used SSL via TCP port 443 for C2 communications.(Citation: FireEye APT29 Nov 2018)

KEYPLUG

KEYPLUG can use TLS-encrypted WebSocket Protocol (WSS) for C2.(Citation: Mandiant APT41)

POWERSTATS

POWERSTATS has encrypted C2 traffic with RSA.(Citation: FireEye MuddyWater Mar 2018)

Zebrocy

Zebrocy uses SSL and AES ECB for encrypting C2 communications.(Citation: ESET Zebrocy Nov 2018)(Citation: ESET Zebrocy May 2019)(Citation: CISA Zebrocy Oct 2020)

PoetRAT

PoetRAT used TLS to encrypt command and control (C2) communications.(Citation: Talos PoetRAT April 2020)

Cobalt Group

Cobalt Group has used the Plink utility to create SSH tunnels.(Citation: Group IB Cobalt Aug 2017)

ADVSTORESHELL

A variant of ADVSTORESHELL encrypts some C2 with RSA.(Citation: Bitdefender APT28 Dec 2015)

Mispadu

Mispadu contains a copy of the OpenSSL library to encrypt C2 traffic.(Citation: Segurança Informática URSA Sophisticated Loader 2020)

Sardonic

Sardonic has the ability to send a random 64-byte RC4 key to communicate with actor-controlled C2 servers by using an RSA public key.(Citation: Bitdefender Sardonic Aug 2021)

Koadic

Koadic can use SSL and TLS for communications.(Citation: Github Koadic)

WannaCry

WannaCry uses Tor for command and control traffic and routes a custom cryptographic protocol over the Tor circuit.(Citation: SecureWorks WannaCry Analysis)

FIN6

FIN6 used the Plink command-line utility to create SSH tunnels to C2 servers.(Citation: FireEye FIN6 April 2016)

APT41 DUST

APT41 DUST used HTTPS for command and control.(Citation: Google Cloud APT41 2024)

Empire

Empire can use TLS to encrypt its C2 channel.(Citation: Github PowerShell Empire)

FIN8

FIN8 has used the Plink utility to tunnel RDP back to C2 infrastructure.(Citation: FireEye Know Your Enemy FIN8 Aug 2016)

BISCUIT

BISCUIT uses SSL for encrypting C2 communications.(Citation: Mandiant APT1 Appendix)

adbupd

adbupd contains a copy of the OpenSSL library to encrypt C2 traffic.(Citation: Microsoft PLATINUM April 2016)

Kobalos

Kobalos's authentication and key exchange is performed using RSA-512.(Citation: ESET Kobalos Feb 2021)(Citation: ESET Kobalos Jan 2021)

Covenant

Covenant can utilize SSL to encrypt command and control traffic.(Citation: Github Covenant)

WellMail

WellMail can use hard coded client and certificate authority certificates to communicate with C2 over mutual TLS.(Citation: CISA WellMail July 2020)(Citation: NCSC APT29 July 2020)

Operation Wocao

Operation Wocao's proxy implementation "Agent" can upgrade the socket in use to a TLS socket.(Citation: FoxIT Wocao December 2019)

CHOPSTICK

CHOPSTICK encrypts C2 communications with TLS.(Citation: ESET Sednit Part 2)

IcedID

IcedID has used SSL and TLS in communications with C2.(Citation: IBM IcedID November 2017)(Citation: Juniper IcedID June 2020)

Mitigations

Mitigation / Description
Network Intrusion Prevention

Use intrusion detection signatures to block traffic at network boundaries.

SSL/TLS Inspection

Break and inspect SSL/TLS sessions to look at encrypted web traffic for adversary activity.

Detection

SSL/TLS inspection is one way of detecting command and control traffic within some encrypted communication channels.(Citation: SANS Decrypting SSL) SSL/TLS inspection does come with certain risks that should be considered before implementing to avoid potential security issues such as incomplete certificate validation.(Citation: SEI SSL Inspection Risks) In general, analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious. Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used.(Citation: University of Birmingham C2)
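The three heuristics in the paragraph above (uncommon client-to-server volume, processes with no network baseline, and payloads that do not match the expected protocol for the port) can be turned into a small triage pass over connection records. The code below is an added example, not part of the ATT&CK page or any vendor tool; the Flow record layout, the sample connections, the process baseline and the ratio thresholds are all constructed for illustration. The TLS check only validates the record-layer header and the ClientHello handshake type, which is enough to spot plain HTTP or a custom binary protocol riding on port 443.

```python
"""Added example: three detection heuristics for T1573.002 over constructed
connection records (not code from the original page)."""
from dataclasses import dataclass
from typing import Iterable


@dataclass
class Flow:
    """One client-to-server connection summary (constructed, Zeek conn.log-like)."""
    uid: str
    process: str        # image name of the local process that opened the socket
    dst_port: int
    bytes_out: int      # bytes the client sent
    bytes_in: int       # bytes the client received
    first_bytes: bytes  # first payload bytes the client sent


# Ports on which a conforming client is expected to open with a TLS ClientHello.
TLS_PORTS = {443, 8443}


def looks_like_tls_client_hello(data: bytes) -> bool:
    """True if the bytes begin a TLS record that carries a ClientHello.

    Record layer: content type 0x16 (handshake), version 0x03 0x0X, 2-byte
    length; the handshake header that follows starts with type 0x01 (ClientHello).
    """
    if len(data) < 6:
        return False
    content_type, major, minor = data[0], data[1], data[2]
    if content_type != 0x16 or major != 0x03 or minor > 0x04:
        return False
    return data[5] == 0x01


def upload_heavy(flow: Flow, ratio: float = 20.0, min_bytes: int = 100_000) -> bool:
    """Uncommon data flow: the client sends far more than it receives.

    min_bytes avoids flagging tiny connections; ratio is an assumed threshold.
    """
    return flow.bytes_out >= min_bytes and flow.bytes_out > ratio * max(flow.bytes_in, 1)


def analyze(flows: Iterable[Flow], baseline_procs: set[str]) -> list[tuple[str, str]]:
    """Return (flow uid, reason) pairs for every heuristic that fires."""
    findings: list[tuple[str, str]] = []
    for f in flows:
        if f.dst_port in TLS_PORTS and not looks_like_tls_client_hello(f.first_bytes):
            findings.append((f.uid, "payload on TLS port does not start with a TLS ClientHello"))
        if upload_heavy(f):
            findings.append((f.uid, "client-to-server volume far exceeds server-to-client"))
        if f.process not in baseline_procs:
            findings.append((f.uid, f"process {f.process} has no network baseline"))
    return findings


# Constructed sample data: a TLS 1.0 record header wrapping a ClientHello whose
# body advertises TLS 1.2, as a real browser would send it.
CLIENT_HELLO = b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"

BASELINE_PROCS = {"chrome.exe", "outlook.exe"}  # assumed per-host network baseline

SAMPLE_FLOWS = [
    Flow("c1", "chrome.exe", 443, 12_000, 450_000, CLIENT_HELLO),          # ordinary browsing
    Flow("c2", "updater.exe", 443, 8_000_000, 60_000, CLIENT_HELLO),       # valid TLS, but bulk upload
    Flow("c3", "notepad.exe", 443, 2_000, 1_500, b"GET / HTTP/1.1\r\n"),   # plain HTTP on 443
    Flow("c4", "outlook.exe", 993, 30_000, 900_000, CLIENT_HELLO),         # IMAPS, not a checked port
]


if __name__ == "__main__":
    for uid, reason in analyze(SAMPLE_FLOWS, BASELINE_PROCS):
        print(f"{uid}: {reason}")
```

Running the block reports two findings for c2 (upload-heavy and unknown process) and two for c3 (non-TLS payload on 443 and unknown process); c1 and c4 are quiet. In practice the volume threshold and the process baseline would be tuned per environment, and the ClientHello check is a conformance gate rather than a verdict: valid TLS from an unexpected process still needs follow-up.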

References

  1. Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020.
  2. Gardiner, J., Cova, M., Nagaraja, S. (2014, February). Command & Control Understanding, Denying and Detecting. Retrieved April 20, 2016.
  3. Dormann, W. (2015, March 13). The Risks of SSL Inspection. Retrieved April 5, 2016.
  4. Butler, M. (2013, November). Finding Hidden Threats by Decrypting SSL. Retrieved April 5, 2016.
  5. CISA. (2021, May 6). Analysis Report (AR21-126A) FiveHands Ransomware. Retrieved June 7, 2021.
  6. McLellan, T. and Moore, J. et al. (2021, April 29). UNC2447 SOMBRAT and FIVEHANDS Ransomware: A Sophisticated Financial Threat. Retrieved June 2, 2021.
  7. The BlackBerry Research and Intelligence Team. (2020, November 12). The CostaRicto Campaign: Cyber-Espionage Outsourced. Retrieved May 24, 2021.
  8. FBI et al. (2023, May 9). Hunting Russian Intelligence “Snake” Malware. Retrieved June 8, 2023.
  9. NCSC. (2022, February 23). Cyclops Blink Malware Analysis Report. Retrieved March 3, 2022.
  10. Lin, M. et al. (2024, February 27). Cutting Edge, Part 3: Investigating Ivanti Connect Secure VPN Exploitation and Persistence Attempts. Retrieved March 1, 2024.
  11. Ventura, V. (2021, September 16). Operation Layover: How we tracked an attack on the aviation industry to five years of compromise. Retrieved September 15, 2023.
  12. Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020.
  13. Erlich, C. (2020, April 3). The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable. Retrieved May 26, 2020.
  14. Blasco, J. (2013, March 21). New Sykipot developments [Blog]. Retrieved November 12, 2014.
  15. Sadique, M. and Singh, A. (2020, September 29). Spear Phishing Campaign Delivers Buer and Bazar Malware. Retrieved November 19, 2020.
  16. Cisco Talos. (2021, September 21). TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines. Retrieved December 2, 2021.
  17. Jurčacko, F. (2024, May 15). To the Moon and back(doors): Lunar landing in diplomatic missions. Retrieved June 26, 2024.
  18. GREAT. (2021, March 30). APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign. Retrieved June 17, 2021.
  19. CISA. (2020, October 29). Malware Analysis Report (AR20-303A). Retrieved December 9, 2020.
  20. Faou, M. (2020, May). From Agent.btz to ComRAT v4: A ten-year journey. Retrieved June 15, 2020.
  21. Mamedov, O, et al. (2019, July 3). Sodin ransomware exploits Windows vulnerability and processor architecture. Retrieved August 4, 2020.
  22. Kaspersky Lab's Global Research & Analysis Team. (2017, August 30). Introducing WhiteBear. Retrieved September 21, 2017.
  23. ESET. (2017, August). Gazing at Gazer: Turla’s new second stage backdoor. Retrieved September 14, 2017.
  24. Check Point. (2020, November 6). Ransomware Alert: Pay2Key. Retrieved January 4, 2021.
  25. Abramov, D. (2020, April 13). Grandoreiro Malware Now Targeting Banks in Spain. Retrieved November 12, 2020.
  26. Nicolas Verdier. (n.d.). Retrieved January 29, 2018.
  27. Schwarz, D. and Proofpoint Staff. (2019, January 9). ServHelper and FlawedGrace - New malware introduced by TA505. Retrieved May 28, 2019.
  28. Thomas, C. (n.d.). Mythc Documentation. Retrieved March 25, 2022.
  29. Priego, A. (2021, July). THE BROTHERS GRIM: THE REVERSING TALE OF GRIMAGENT MALWARE USED BY RYUK. Retrieved September 19, 2024.
  30. Hromcova, Z. (2019, October). AT COMMANDS, TOR-BASED COMMUNICATIONS: MEET ATTOR, A FANTASY CREATURE AND ALSO A SPY PLATFORM. Retrieved May 6, 2020.
  31. Fishbein, N., Kajiloti, M. (2020, July 28). Watch Your Containers: Doki Infecting Docker Servers in the Cloud. Retrieved March 30, 2021.
  32. Slepogin, N. (2017, May 25). Dridex: A History of Evolution. Retrieved May 31, 2019.
  33. National Cyber Security Centre. (2020, July 16). Advisory: APT29 targets COVID-19 vaccine development. Retrieved September 29, 2020.
  34. CISA. (2020, July 16). MAR-10296782-2.v1 – WELLMESS. Retrieved September 24, 2020.
  35. PWC. (2020, August 17). WellMess malware: analysis of its Command and Control (C2) server. Retrieved September 29, 2020.
  36. PWC. (2020, July 16). How WellMess malware has been used to target COVID-19 vaccines. Retrieved September 24, 2020.
  37. Chen, J. (2020, May 12). Tropic Trooper’s Back: USBferry Attack Targets Air gapped Environments. Retrieved May 20, 2020.
  38. Horejsi, J., et al. (2018, March 14). Tropic Trooper’s New Strategy. Retrieved November 9, 2018.
  39. FBI, CISA, CNMF, NCSC-UK. (2022, February 24). Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks. Retrieved September 27, 2022.
  40. Black Lotus Labs. (2024, August 27). Taking The Crossroads: The Versa Director Zero-Day Exploitation. Retrieved August 27, 2024.
  41. Accenture. (2020, October). Turla uses HyperStack, Carbon, and Kazuar to compromise government entity. Retrieved December 2, 2020.
  42. Roger Dingledine, Nick Mathewson and Paul Syverson. (2004). Tor: The Second-Generation Onion Router. Retrieved December 21, 2017.
  43. fatedier. (n.d.). What is frp?. Retrieved July 10, 2024.
  44. Nafisi, R., Lelli, A. (2021, March 4). GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence. Retrieved March 8, 2021.
  45. BishopFox. (n.d.). Sliver Transport Encryption. Retrieved September 16, 2021.
  46. Kervella, R. (2019, August 4). Cross-platform General Purpose Implant Framework Written in Golang. Retrieved July 30, 2021.
  47. NCSC, CISA, FBI, NSA. (2021, May 7). Further TTPs associated with SVR cyber actors. Retrieved July 29, 2021.
  48. Group-IB. (2021, November). RedCurl: The Awakening. Retrieved August 14, 2024.
  49. Group-IB. (2020, August). RedCurl: The Pentest You Didn’t Know About. Retrieved August 9, 2024.
  50. MalwareBytes Threat Intelligence Team. (2022, August 3). Woody RAT: A new feature-rich malware spotted in the wild. Retrieved December 6, 2022.
  51. Cherepanov, A. (2018, October). GREYENERGY A successor to BlackEnergy. Retrieved November 15, 2018.
  52. Savelesky, K., et al. (2019, July 23). ABADBABE 8BADFOOD: Discovering BADHATCH and a Detailed Look at FIN8's Tooling. Retrieved September 8, 2021.
  53. Smith, S., Stafford, M. (2021, December 14). DarkWatchman: A new evolution in fileless techniques. Retrieved January 10, 2022.
  54. Dutch Military Intelligence and Security Service (MIVD) & Dutch General Intelligence and Security Service (AIVD). (2024, February 6). Ministry of Defense of the Netherlands uncovers COATHANGER, a stealthy Chinese FortiGate RAT. Retrieved February 7, 2024.
  55. Secureworks. (2019, July 24). Updated Karagany Malware Targets Energy Sector. Retrieved August 12, 2020.
  56. Davis, S. and Caban, D. (2017, December 19). APT34 - New Targeted Attack in the Middle East. Retrieved December 20, 2017.
  57. Leonardo. (2020, May 29). MALWARE TECHNICAL INSIGHT TURLA “Penquin_x64”. Retrieved March 11, 2021.
  58. The Cylance Threat Research Team. (2017, March 22). El Machete's Malware Attacks Cut Through LATAM. Retrieved September 13, 2019.
  59. Mavis, N. (2020, September 21). The Art and Science of Detecting Cobalt Strike. Retrieved September 12, 2024.
  60. US-CERT. (2017, November 22). Alert (TA17-318B): HIDDEN COBRA – North Korean Trojan: Volgmer. Retrieved December 7, 2017.
  61. Fidelis Threat Research Team. (2016, January 27). Introducing Hi-Zor RAT. Retrieved March 24, 2016.
  62. Mercer, W. et al. (2020, June 29). PROMETHIUM extends global reach with StrongPity3 APT. Retrieved July 20, 2020.
  63. I. Ilascu. (2019, March 3). Op 'Sharpshooter' Connected to North Korea's Lazarus Group. Retrieved September 26, 2022.
  64. Dunwoody, M. (2017, April 3). Dissecting One of APT29’s Fileless WMI and PowerShell Backdoors (POSHSPY). Retrieved April 5, 2017.
  65. ESET. (2016, October). En Route with Sednit - Part 2: Observing the Comings and Goings. Retrieved November 21, 2016.
  66. Belcher, P. (2016, July 28). Tunnel of Gov: DNC Hack and the Russian XTunnel. Retrieved August 3, 2016.
  67. Dunwoody, M., et al. (2018, November 19). Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign. Retrieved November 27, 2018.
  68. Rufus Brown, Van Ta, Douglas Bienstock, Geoff Ackerman, John Wolfram. (2022, March 8). Does This Look Infected? A Summary of APT41 Targeting U.S. State Governments. Retrieved July 8, 2022.
  69. Singh, S. et al. (2018, March 13). Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign. Retrieved April 11, 2018.
  70. CISA. (2020, October 29). Malware Analysis Report (AR20-303B). Retrieved December 9, 2020.
  71. ESET Research. (2019, May 22). A journey to Zebrocy land. Retrieved June 20, 2019.
  72. ESET. (2018, November 20). Sednit: What’s going on with Zebrocy?. Retrieved February 12, 2019.
  73. Mercer, W, et al. (2020, April 16). PoetRAT: Python RAT uses COVID-19 lures to target Azerbaijan public and private sectors. Retrieved April 27, 2020.
  74. Matveeva, V. (2017, August 15). Secrets of Cobalt. Retrieved October 10, 2018.
  75. Bitdefender. (2015, December). APT28 Under the Scope. Retrieved February 23, 2017.
  76. Pedro Tavares (Segurança Informática). (2020, September 15). Threat analysis: The emergent URSA trojan impacts many countries using a sophisticated loader. Retrieved March 13, 2024.
  77. Budaca, E., et al. (2021, August 25). FIN8 Threat Actor Goes Agile with New Sardonic Backdoor. Retrieved August 9, 2023.
  78. Magius, J., et al. (2017, July 19). Koadic. Retrieved September 27, 2024.
  79. Counter Threat Unit Research Team. (2017, May 18). WCry Ransomware Analysis. Retrieved March 26, 2019.
  80. FireEye Threat Intelligence. (2016, April). Follow the Money: Dissecting the Operations of the Cyber Crime Group FIN6. Retrieved June 1, 2016.
  81. Mike Stokkel et al. (2024, July 18). APT41 Has Arisen From the DUST. Retrieved September 16, 2024.
  82. Schroeder, W., Warner, J., Nelson, M. (n.d.). Github PowerShellEmpire. Retrieved April 28, 2016.
  83. Elovitz, S. & Ahl, I. (2016, August 18). Know Your Enemy: New Financially-Motivated & Spear-Phishing Group. Retrieved February 26, 2018.
  84. Mandiant. (n.d.). Appendix C (Digital) - The Malware Arsenal. Retrieved July 18, 2016.
  85. Windows Defender Advanced Threat Hunting Team. (2016, April 29). PLATINUM: Targeted attacks in South and Southeast Asia. Retrieved February 15, 2018.
  86. M.Leveille, M., Sanmillan, I. (2021, January). A WILD KOBALOS APPEARS Tricksy Linux malware goes after HPCs. Retrieved August 24, 2021.
  87. M.Leveille, M., Sanmillan, I. (2021, February 2). Kobalos – A complex Linux threat to high performance computing infrastructure. Retrieved August 24, 2021.
  88. cobbr. (2021, April 21). Covenant. Retrieved September 4, 2024.
  89. CISA. (2020, July 16). MAR-10296782-3.v1 – WELLMAIL. Retrieved September 29, 2020.
  90. Kimayong, P. (2020, June 18). COVID-19 and FMLA Campaigns used to install new IcedID banking malware. Retrieved July 14, 2020.
  91. Kessem, L., et al. (2017, November 13). New Banking Trojan IcedID Discovered by IBM X-Force Research. Retrieved July 14, 2020.

Related risks

Nothing found
