
Obtain Capabilities: Tool

Adversaries may buy, steal, or download software tools that can be used during targeting. Tools can be open or closed source, free or commercial. A tool can be used for malicious purposes by an adversary but (unlike malware) was not intended to be used for those purposes (ex: PsExec). Tool acquisition can involve the procurement of commercial software licenses, including for red teaming tools such as Cobalt Strike. Commercial software may be obtained through purchase, stealing licenses (or licensed copies of the software), or cracking trial versions.(Citation: Recorded Future Beacon 2019) Adversaries may obtain tools to support their operations, including to support execution of post-compromise behaviors. In addition to freely downloading or purchasing software, adversaries may steal software and/or software licenses from third-party entities (including other adversaries).

ID: T1588.002
Sub-technique of: T1588
Tactic(s): Resource Development
Platforms: PRE
Data Sources: Malware Repository: Malware Metadata
Version: 1.1
Created: 01 Oct 2020
Last Modified: 17 Oct 2021

Procedure Examples

Название Описание
DarkVishnya

DarkVishnya has obtained and used tools such as Impacket, Winexe, and PsExec.(Citation: Securelist DarkVishnya Dec 2018)

Turla

Turla has obtained and customized publicly-available tools like Mimikatz.(Citation: Symantec Waterbug Jun 2019)

Inception

Inception has obtained and used open-source tools such as LaZagne.(Citation: Kaspersky Cloud Atlas August 2019)

Magic Hound

Magic Hound has obtained and used open-source penetration testing tools like Havij, sqlmap, Metasploit, and Mimikatz.(Citation: Check Point Rocket Kitten)(Citation: FireEye APT35 2018)(Citation: Check Point APT35 CharmPower January 2022)

Operation Spalax

For Operation Spalax, the threat actors obtained packers such as CyaX.(Citation: ESET Operation Spalax Jan 2021)

BITTER

BITTER has obtained tools such as PuTTY for use in their operations.(Citation: Forcepoint BITTER Pakistan Oct 2016)

Kimsuky

Kimsuky has obtained and used tools such as Nirsoft WebBrowserPassView, Mimikatz, and PsExec.(Citation: Netscout Stolen Pencil Dec 2018)(Citation: Talos Kimsuky Nov 2021)

BlackTech

BlackTech has obtained and used tools such as PuTTY, SNScan, and PsExec for its operations.(Citation: Symantec Palmerworm Sep 2020)

MuddyWater

MuddyWater has made use of the legitimate tools ConnectWise and Remote Utilities to gain access to target environments.(Citation: Anomali Static Kitten February 2021)

LAPSUS$

LAPSUS$ has obtained tools such as AD Explorer inspection software for their operations.(Citation: MSTIC DEV-0537 Mar 2022)

Leafminer

Leafminer has obtained and used tools such as LaZagne, Mimikatz, PsExec, and MailSniper.(Citation: Symantec Leafminer July 2018)

APT29

APT29 has obtained and used a variety of tools including Mimikatz, SDelete, Tor, meek, and Cobalt Strike.(Citation: Mandiant No Easy Breach)(Citation: F-Secure The Dukes)(Citation: FireEye APT29 Nov 2018)

APT28

APT28 has obtained and used open-source tools like Koadic, Mimikatz, and Responder.(Citation: Palo Alto Sofacy 06-2018)(Citation: Securelist Sofacy Feb 2018)(Citation: FireEye APT28 Hospitality Aug 2017)

Wizard Spider

Wizard Spider has obtained and used publicly-available post-exploitation frameworks and tools like Metasploit, Empire, and Mimikatz.(Citation: FireEye KEGTAP SINGLEMALT October 2020)

Ember Bear

Ember Bear has obtained and used open source scripts from GitHub.(Citation: Palo Alto Unit 42 OutSteel SaintBot February 2022)

BRONZE BUTLER

BRONZE BUTLER has obtained and used open-source tools such as Mimikatz, gsecdump, and Windows Credential Editor.(Citation: Symantec Tick Apr 2016)

menuPass

menuPass has used and modified open-source tools like Impacket, Mimikatz, and pwdump.(Citation: PWC Cloud Hopper Technical Annex April 2017)

APT41

APT41 has obtained and used tools such as Mimikatz, pwdump, PowerSploit, and Windows Credential Editor.(Citation: FireEye APT41 Aug 2019)

TA505

TA505 has used a variety of tools in their operations, including AdFind, BloodHound, Mimikatz, and PowerSploit.(Citation: NCC Group TA505)

APT39

APT39 has modified and used customized versions of publicly-available tools like PLINK and Mimikatz.(Citation: BitDefender Chafer May 2020)(Citation: IBM ITG07 June 2019)

GALLIUM

GALLIUM has used a variety of widely-available tools, which in some cases they modified to add functionality and/or subvert antimalware solutions.(Citation: Microsoft GALLIUM December 2019)

Cleaver

Cleaver has obtained and used open-source tools such as PsExec, Windows Credential Editor, and Mimikatz.(Citation: Cylance Cleaver)

BackdoorDiplomacy

BackdoorDiplomacy has obtained a variety of open-source reconnaissance and red team tools for discovery and lateral movement.(Citation: ESET BackdoorDiplomacy Jun 2021)

FIN6

FIN6 has obtained and used tools such as Mimikatz, Cobalt Strike, and AdFind.(Citation: Security Intelligence More Eggs Aug 2019)(Citation: FireEye FIN6 Apr 2019)

Sandworm Team

Sandworm Team has acquired open-source tools for some of its operations; for example, it acquired Invoke-PSImage to establish an encrypted channel from a compromised host to Sandworm Team's C2 server as part of its preparation for the 2018 Winter Olympics attack.(Citation: US District Court Indictment GRU Unit 74455 October 2020)

Patchwork

Patchwork has obtained and used open-source tools such as QuasarRAT.(Citation: Volexity Patchwork June 2018)

Operation CuckooBees

For Operation CuckooBees, the threat actors obtained publicly-available JSP code that was used to deploy a webshell onto a compromised server.(Citation: Cybereason OperationCuckooBees May 2022)

Night Dragon

During Night Dragon, threat actors obtained and used tools such as gsecdump.(Citation: McAfee Night Dragon)

APT-C-36

APT-C-36 obtained and used a modified variant of Imminent Monitor.(Citation: QiAnXin APT-C-36 Feb2019)

WIRTE

WIRTE has obtained and used Empire for post-exploitation activities.(Citation: Lab52 WIRTE Apr 2019)

Cobalt Group

Cobalt Group has obtained and used a variety of tools including Mimikatz, PsExec, Cobalt Strike, and SDelete.(Citation: PTSecurity Cobalt Dec 2016)

Ke3chang

Ke3chang has obtained and used tools such as Mimikatz.(Citation: NCC Group APT15 Alive and Strong)

Threat Group-3390

Threat Group-3390 has obtained and used tools such as Impacket, pwdump, Mimikatz, gsecdump, NBTscan, and Windows Credential Editor.(Citation: Unit42 Emissary Panda May 2019)(Citation: Dell TG-3390)

Lazarus Group

Lazarus Group has obtained a variety of tools for their operations, including Responder, PuTTY PSCP, Wake-On-Lan, ChromePass, and dbxcli.(Citation: ESET Lazarus Jun 2020)(Citation: ClearSky Lazarus Aug 2020)(Citation: Kaspersky ThreatNeedle Feb 2021)

FIN5

FIN5 has obtained and used a customized version of PsExec, as well as used other tools such as pwdump, SDelete, and Windows Credential Editor.(Citation: Mandiant FIN5 GrrCON Oct 2016)

Thrip

Thrip has obtained and used tools such as Mimikatz and PsExec.(Citation: Symantec Thrip June 2018)

Moses Staff

Moses Staff has used the commercial tool DiskCryptor.(Citation: Checkpoint MosesStaff Nov 2021)

Operation Wocao

For Operation Wocao, the threat actors obtained a variety of open source tools, including JexBoss, KeeThief, and BloodHound.(Citation: FoxIT Wocao December 2019)

CostaRicto

During CostaRicto, the threat actors obtained open source tools to use in their operations.(Citation: BlackBerry CostaRicto November 2020)

POLONIUM

POLONIUM has obtained and used tools such as AirVPN and plink in their operations.(Citation: Microsoft POLONIUM June 2022)

PittyTiger

PittyTiger has obtained and used tools such as Mimikatz and gsecdump.(Citation: Bizeul 2014)

HEXANE

HEXANE has acquired, and sometimes customized, open source tools such as Mimikatz, Empire, VNC remote access software, and DIG.net.(Citation: Kaspersky Lyceum October 2021)(Citation: SecureWorks August 2019)(Citation: Zscaler Lyceum DnsSystem June 2022)

Whitefly

Whitefly has obtained and used tools such as Mimikatz.(Citation: Symantec Whitefly March 2019)

FIN10

FIN10 has relied on publicly-available software to gain footholds and establish persistence in victim environments.(Citation: FireEye FIN10 June 2017)

Dragonfly

Dragonfly has obtained and used tools such as Mimikatz, CrackMapExec, and PsExec.(Citation: Secureworks IRON LIBERTY July 2019)

IndigoZebra

IndigoZebra has acquired open source tools such as NBTscan and Meterpreter for their operations.(Citation: Checkpoint IndigoZebra July 2021)(Citation: Securelist APT Trends Q2 2017)

Aquatic Panda

Aquatic Panda has acquired and used Cobalt Strike in its operations.(Citation: CrowdStrike AQUATIC PANDA December 2021)

Aoqin Dragon

Aoqin Dragon obtained the Heyoka open source exfiltration tool and subsequently modified it for their operations.(Citation: SentinelOne Aoqin Dragon June 2022)

APT38

APT38 has obtained and used open-source tools such as Mimikatz.(Citation: ESET Lazarus KillDisk April 2018)

Earth Lusca

Earth Lusca has acquired and used a variety of open source tools.(Citation: TrendMicro EarthLusca 2022)

APT33

APT33 has obtained and leveraged publicly-available tools for early intrusion activities.(Citation: FireEye APT33 Guardrail)(Citation: Symantec Elfin Mar 2019)

Ferocious Kitten

Ferocious Kitten has obtained open source tools for its operations, including JsonCPP and Psiphon.(Citation: Kaspersky Ferocious Kitten Jun 2021)

APT32

APT32 has obtained and used tools such as Mimikatz and Cobalt Strike, and a variety of other open-source tools from GitHub.(Citation: FireEye APT32 May 2017)(Citation: Cybereason Oceanlotus May 2017)

Gorgon Group

Gorgon Group has obtained and used tools such as QuasarRAT and Remcos.(Citation: Unit 42 Gorgon Group Aug 2018)

Silence

Silence has obtained and modified versions of publicly-available tools like Empire and PsExec.(Citation: Group IB Silence Aug 2019)(Citation: SecureList Silence Nov 2017)

Chimera

Chimera has obtained and used tools such as BloodHound, Cobalt Strike, Mimikatz, and PsExec.(Citation: Cycraft Chimera April 2020)(Citation: NCC Group Chimera January 2021)

CopyKittens

CopyKittens has used Metasploit, Empire, and AirVPN for post-exploitation activities.(Citation: ClearSky and Trend Micro Operation Wilted Tulip July 2017)(Citation: Microsoft POLONIUM June 2022)

Silent Librarian

Silent Librarian has obtained free and publicly available tools including SingleFile and HTTrack to copy login pages of targeted organizations.(Citation: Proofpoint TA407 September 2019)(Citation: Secureworks COBALT DICKENS September 2019)

C0010

For C0010, UNC3890 actors obtained multiple publicly-available tools, including METASPLOIT, UNICORN, and NorthStar C2.(Citation: Mandiant UNC3890 Aug 2022)

TEMP.Veles

TEMP.Veles has obtained and used tools such as Mimikatz and PsExec.(Citation: FireEye TRITON 2019)

Frankenstein

For Frankenstein, the threat actors obtained and used Empire.(Citation: Talos Frankenstein June 2019)

APT19

APT19 has obtained and used publicly-available tools like Empire.(Citation: NCSC Joint Report Public Tools)(Citation: FireEye APT19)

C0015

For C0015, the threat actors obtained a variety of tools, including AdFind, AnyDesk, and Process Hacker.(Citation: DFIR Conti Bazar Nov 2021)

FunnyDream

For FunnyDream, the threat actors used a modified version of the open source PcShare remote administration tool.(Citation: Bitdefender FunnyDream Campaign November 2020)

Blue Mockingbird

Blue Mockingbird has obtained and used tools such as Mimikatz.(Citation: RedCanary Mockingbird May 2020)

APT1

APT1 has used various open-source tools for privilege escalation purposes.(Citation: Mandiant APT1)

Carbanak

Carbanak has obtained and used open-source tools such as PsExec and Mimikatz.(Citation: Kaspersky Carbanak)

DarkHydrus

DarkHydrus has obtained and used tools such as Mimikatz, Empire, and Cobalt Strike.(Citation: Unit 42 DarkHydrus July 2018)

Mitigations

Mitigation Description
Pre-compromise

This category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques.

Detection

In some cases, malware repositories can also be used to identify features of tool use associated with an adversary, such as watermarks in Cobalt Strike payloads.(Citation: Analyzing CS Dec 2020) Much of this activity will take place outside the visibility of the target organization, making detection of this behavior difficult. Detection efforts may be focused on post-compromise phases of the adversary lifecycle.

References

  1. Maynier, E. (2020, December 20). Analyzing Cobalt Strike for Fun and Profit. Retrieved October 12, 2021.
  2. Recorded Future. (2019, June 20). Out of the Blue: How Recorded Future Identified Rogue Cobalt Strike Servers. Retrieved October 16, 2020.
  3. Vyacheslav Kopeytsev and Seongsu Park. (2021, February 25). Lazarus targets defense industry with ThreatNeedle. Retrieved October 27, 2021.
  4. ClearSky Research Team. (2020, August 13). Operation 'Dream Job' Widespread North Korean Espionage Campaign. Retrieved December 20, 2021.
  5. Breitenbacher, D and Osis, K. (2020, June 17). OPERATION IN(TER)CEPTION: Targeted Attacks Against European Aerospace and Military Companies. Retrieved December 20, 2021.
  6. Mandiant. (n.d.). APT1 Exposing One of China’s Cyber Espionage Units. Retrieved July 18, 2016.
  7. Kaspersky Lab's Global Research and Analysis Team. (2015, February). CARBANAK APT THE GREAT BANK ROBBERY. Retrieved August 23, 2018.
  8. QiAnXin Threat Intelligence Center. (2019, February 18). APT-C-36: Continuous Attacks Targeting Colombian Government Institutions and Corporations. Retrieved May 5, 2020.
  9. Symantec DeepSight Adversary Intelligence Team. (2019, June 20). Waterbug: Espionage Group Rolls Out Brand-New Toolset in Attacks Against Governments. Retrieved July 8, 2019.
  10. Meltzer, M, et al. (2018, June 07). Patchwork APT Group Targets US Think Tanks. Retrieved July 16, 2018.
  11. Miller, S, et al. (2019, April 10). TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping. Retrieved April 16, 2019.
  12. Threat Intelligence. (2020, September 29). Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors. Retrieved March 25, 2022.
  13. Dunwoody, M., et al. (2018, November 19). Not So Cozy: An Uncomfortable Examination of a Suspected APT29 Phishing Campaign. Retrieved November 27, 2018.
  14. F-Secure Labs. (2015, September 17). The Dukes: 7 years of Russian cyberespionage. Retrieved December 10, 2015.
  15. Dunwoody, M. and Carr, N. (2016, September 27). No Easy Breach DerbyCon 2016. Retrieved October 4, 2016.
  16. Dela Paz, R. (2016, October 21). BITTER: a targeted attack against Pakistan. Retrieved June 1, 2022.
  17. McAfee® Foundstone® Professional Services and McAfee Labs™. (2011, February 10). Global Energy Cyberattacks: “Night Dragon”. Retrieved February 19, 2018.
  18. Bromiley, M. and Lewis, P. (2016, October 7). Attacking the Hospitality and Gaming Industries: Tracking an Attacker Around the World in 7 Years. Retrieved October 6, 2017.
  19. Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015.
  20. Wiley, B. et al. (2021, December 29). OverWatch Exposes AQUATIC PANDA in Possession of Log4Shell Exploit Tools During Hands-on Intrusion Attempt. Retrieved January 18, 2022.
  21. Dahan, A. (2017, May 24). OPERATION COBALT KITTY: A LARGE-SCALE APT IN ASIA CARRIED OUT BY THE OCEANLOTUS GROUP. Retrieved November 5, 2018.
  22. Carr, N. (2017, May 14). Cyber Espionage is Alive and Well: APT32 and the Threat to Global Corporations. Retrieved June 18, 2017.
  23. Security Response Attack Investigation Team. (2018, June 19). Thrip: Espionage Group Hits Satellite, Telecoms, and Defense Companies. Retrieved July 10, 2018.
  24. Checkpoint Research. (2021, November 15). Uncovering MosesStaff techniques: Ideology over Money. Retrieved August 11, 2022.
  25. Shivtarkar, N. and Kumar, A. (2022, June 9). Lyceum .NET DNS Backdoor. Retrieved June 23, 2022.
  26. SecureWorks. (2019, August 27). LYCEUM Takes Center Stage in Middle East Campaign. Retrieved November 19, 2019.
  27. Kayal, A. et al. (2021, October). LYCEUM REBORN: COUNTERINTELLIGENCE IN THE MIDDLE EAST. Retrieved June 14, 2022.
  28. Kaspersky Lab's Global Research & Analysis Team. (2017, August 8). APT Trends report Q2 2017. Retrieved February 15, 2018.
  29. CheckPoint Research. (2021, July 1). IndigoZebra APT continues to attack Central Asia with evolving tools. Retrieved September 24, 2021.
  30. Adamitis, D. et al. (2019, June 4). It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign. Retrieved May 11, 2020.
  31. Scott W. Brady. (2020, October 15). United States vs. Yuriy Sergeyevich Andrienko et al. Retrieved November 25, 2020.
  32. Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca’s Operations. Retrieved July 1, 2022.
  33. Falcone, R., et al. (2018, August 02). The Gorgon Group: Slithering Between Nation State and Cybercrime. Retrieved August 7, 2018.
  34. MSTIC. (2019, December 12). GALLIUM: Targeting global telecom. Retrieved January 13, 2021.
  35. S2 Grupo. (2019, April 2). WIRTE Group attacking the Middle East. Retrieved May 24, 2019.
  36. Symantec Security Response. (2018, July 25). Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions. Retrieved August 28, 2018.
  37. Unit 42. (2022, February 25). Spear Phishing Attacks Target Organizations in Ukraine, Payloads Include the Document Stealer OutSteel and the Downloader SaintBot. Retrieved June 9, 2022.
  38. Terefos, A. (2020, November 18). TA505: A Brief History of Their Time. Retrieved July 14, 2022.
  39. Microsoft. (2022, June 2). Exposing POLONIUM activity and infrastructure targeting Israeli organizations. Retrieved July 1, 2022.
  40. M. Porolli. (2021, January 21). Operation Spalax: Targeted malware attacks in Colombia. Retrieved September 16, 2022.
  41. Cybereason Nocturnus. (2022, May 4). Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques. Retrieved September 22, 2022.
  42. Smallridge, R. (2018, March 10). APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS. Retrieved April 4, 2018.
  43. Dantzig, M. v., Schamper, E. (2019, December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020.
  44. Secureworks. (2019, July 24). Resurgent Iron Liberty Targeting Energy Sector. Retrieved August 12, 2020.
  45. Kálnai, P., Cherepanov A. (2018, April 03). Lazarus KillDisks Central American casino. Retrieved May 17, 2018.
  46. DFIR Report. (2021, November 29). CONTInuing the Bazar Ransomware Story. Retrieved September 29, 2022.
  47. Mandiant. (2018). Mandiant M-Trends 2018. Retrieved July 9, 2018.
  48. Check Point. (2022, January 11). APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit. Retrieved January 24, 2022.
  49. Check Point Software Technologies. (2015). ROCKET KITTEN: A CAMPAIGN WITH 9 LIVES. Retrieved March 16, 2018.
  50. Jansen, W. (2021, January 12). Abusing cloud services to fly under the radar. Retrieved January 19, 2021.
  51. Cycraft. (2020, April 15). APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors. Retrieved August 24, 2020.
  52. Vrabie, V. (2020, November). Dissecting a Chinese APT Targeting South Eastern Asian Government Institutions. Retrieved September 19, 2022.
  53. FireEye iSIGHT Intelligence. (2017, June 16). FIN10: Anatomy of a Cyber Extortion Operation. Retrieved June 25, 2017.
  54. GReAT. (2017, November 1). Silence – a new Trojan attacking financial organizations. Retrieved May 24, 2019.
  55. Group-IB. (2019, August). Silence 2.0: Going Global. Retrieved May 5, 2020.
  56. Golovanov, S. (2018, December 6). DarkVishnya: Banks attacked through direct connection to local network. Retrieved May 15, 2020.
  57. An, J and Malhotra, A. (2021, November 10). North Korean attackers use malicious blogs to deliver malware to high-profile South Korean targets. Retrieved December 29, 2021.
  58. ASERT team. (2018, December 5). STOLEN PENCIL Campaign Targets Academia. Retrieved February 5, 2019.
  59. Kimberly Goody, Jeremy Kennelly, Joshua Shilko, Steve Elovitz, Douglas Bienstock. (2020, October 28). Unhappy Hour Special: KEGTAP and SINGLEMALT With a Ransomware Chaser. Retrieved October 28, 2020.
  60. Security Response Attack Investigation Team. (2019, March 27). Elfin: Relentless Espionage Group Targets Multiple Organizations in Saudi Arabia and U.S. Retrieved April 10, 2019.
  61. Ackerman, G., et al. (2018, December 21). OVERRULED: Containing a Potentially Destructive Adversary. Retrieved January 17, 2019.
  62. Mele, G. et al. (2021, February 10). Probable Iranian Cyber Actors, Static Kitten, Conducting Cyberespionage Campaign Targeting UAE and Kuwait Government Agencies. Retrieved March 17, 2021.
  63. Symantec. (2019, March 6). Whitefly: Espionage Group has Singapore in Its Sights. Retrieved May 26, 2020.
  64. Mandiant Israel Research Team. (2022, August 17). Suspected Iranian Actor Targeting Israeli Shipping, Healthcare, Government and Energy Sectors. Retrieved September 21, 2022.
  65. GReAT. (2019, August 12). Recent Cloud Atlas activity. Retrieved May 8, 2020.
  66. MSTIC, DART, M365 Defender. (2022, March 24). DEV-0537 Criminal Actor Targeting Organizations for Data Exfiltration and Destruction. Retrieved May 17, 2022.
  67. GReAT. (2021, June 16). Ferocious Kitten: 6 Years of Covert Surveillance in Iran. Retrieved September 22, 2021.
  68. McMillen, D. Sperry, C. (2019, June 14). Observations of ITG07 Cyber Operations. Retrieved May 17, 2021.
  69. Rusu, B. (2020, May 21). Iranian Chafer APT Targeted Air Transportation and Government in Kuwait and Saudi Arabia. Retrieved May 22, 2020.
  70. Cylance. (2014, December). Operation Cleaver. Retrieved September 14, 2017.
  71. Positive Technologies. (2016, December 16). Cobalt Snatch. Retrieved October 9, 2018.
  72. Chen, Joey. (2022, June 9). Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years. Retrieved July 14, 2022.
  73. Smith, L. and Read, B. (2017, August 11). APT28 Targets Hospitality Sector, Presents Threat to Travelers. Retrieved August 17, 2017.
  74. Kaspersky Lab's Global Research & Analysis Team. (2018, February 20). A Slice of 2017 Sofacy Activity. Retrieved November 27, 2018.
  75. Lee, B., Falcone, R. (2018, June 06). Sofacy Group’s Parallel Attacks. Retrieved June 18, 2018.
  76. DiMaggio, J. (2016, April 28). Tick cyberespionage group zeros in on Japan. Retrieved July 16, 2018.
  77. PwC and BAE Systems. (2017, April). Operation Cloud Hopper: Technical Annex. Retrieved April 13, 2017.
  78. Fraser, N., et al. (2019, August 7). Double Dragon: APT41, a dual espionage and cyber crime operation. Retrieved September 23, 2019.
  79. Adam Burgher. (2021, June 10). BackdoorDiplomacy: Upgrading from Quarian to Turian. Retrieved September 1, 2021.
  80. Falcone, R. and Lancaster, T. (2019, May 28). Emissary Panda Attacks Middle East Government Sharepoint Servers. Retrieved July 9, 2019.
  81. Dell SecureWorks Counter Threat Unit Threat Intelligence. (2015, August 5). Threat Group-3390 Targets Organizations for Cyberespionage. Retrieved August 18, 2018.
  82. The BlackBerry Research and Intelligence Team. (2020, November 12). The CostaRicto Campaign: Cyber-Espionage Outsourced. Retrieved May 24, 2021.
  83. ClearSky and Trend Micro. (2017, July). Operation Wilted Tulip - Exposing a cyber espionage apparatus. Retrieved May 17, 2021.
  84. Counter Threat Unit Research Team. (2019, September 11). COBALT DICKENS Goes Back to School…Again. Retrieved February 3, 2021.
  85. Proofpoint Threat Insight Team. (2019, September 5). Threat Actor Profile: TA407, the Silent Librarian. Retrieved February 3, 2021.
  86. Lambert, T. (2020, May 7). Introducing Blue Mockingbird. Retrieved May 26, 2020.
  87. McKeague, B. et al. (2019, April 5). Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware. Retrieved April 17, 2019.
  88. Villadsen, O. (2019, August 29). More_eggs, Anyone? Threat Actor ITG08 Strikes Again. Retrieved September 16, 2019.
  89. The Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), CERT New Zealand, the UK National Cyber Security Centre (UK NCSC) and the US National Cybersecurity and Communications Integration Center (NCCIC). (2018, October 11). Joint report on publicly available hacking tools. Retrieved March 11, 2019.
  90. Falcone, R., et al. (2018, July 27). New Threat Actor Group DarkHydrus Targets Middle East Government. Retrieved August 2, 2018.
  91. Ahl, I. (2017, June 06). Privileges and Credentials: Phished at the Request of Counsel. Retrieved May 17, 2018.

Related Risks

Nothing found
