…work. [19] G0065 Leviathan Leviathan used SSH for internal reconnaissance. [20] C0049 Leviathan Australian Intrusions Leviathan used SSH brute-force techniques to move laterally within victim environments during Leviathan Australian Intrusions. [21] G0045 menuPass menuPass has use…
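The SSH brute-force procedure above is the kind of activity that is visible in sshd authentication logs. The following added detection example (not part of the ATT&CK page) parses constructed auth.log-style lines and alerts on a source that accumulates a threshold of failed logins inside a sliding window, and again when that same source then authenticates successfully, which is the brute-force-then-lateral-movement pattern the procedure describes. The threshold, window, year and sample log lines are all assumptions made for the example.

```python
"""Detect SSH password brute forcing in sshd logs, including a success
that follows a burst of failures from the same source.
Sample log lines below are constructed for this example."""
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Deque, Dict, List, Optional, Tuple

# Matches the default OpenSSH "Failed password" / "Accepted ..." lines.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+ ssh2"
)

# Constructed sample: six failures from 10.0.0.5 followed by a success,
# one isolated failure from 10.0.0.9, and a clean key login from 10.0.0.7.
SAMPLE_AUTH_LOG = [
    "Jan 12 03:10:00 host sshd[1100]: Failed password for root from 10.0.0.9 port 50001 ssh2",
    "Jan 12 03:14:01 host sshd[1201]: Failed password for invalid user admin from 10.0.0.5 port 51201 ssh2",
    "Jan 12 03:14:02 host sshd[1202]: Failed password for invalid user admin from 10.0.0.5 port 51202 ssh2",
    "Jan 12 03:14:03 host sshd[1203]: Failed password for root from 10.0.0.5 port 51203 ssh2",
    "Jan 12 03:14:04 host sshd[1204]: Failed password for root from 10.0.0.5 port 51204 ssh2",
    "Jan 12 03:14:05 host sshd[1205]: Failed password for svc_backup from 10.0.0.5 port 51205 ssh2",
    "Jan 12 03:14:06 host sshd[1206]: Failed password for svc_backup from 10.0.0.5 port 51206 ssh2",
    "Jan 12 03:14:30 host sshd[1207]: Accepted password for svc_backup from 10.0.0.5 port 51207 ssh2",
    "Jan 12 03:20:00 host sshd[1300]: Accepted publickey for deploy from 10.0.0.7 port 40000 ssh2",
]

Alert = Tuple[str, str, Optional[str]]  # (source, alert kind, user on success)


def parse_ts(ts: str, year: int = 2024) -> datetime:
    """Syslog timestamps carry no year; the year is an assumption here."""
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def detect_ssh_brute_force(lines: List[str], threshold: int = 5,
                           window_seconds: int = 120) -> List[Alert]:
    """Return alerts for sources exceeding `threshold` failures within
    `window_seconds`, and for a success from a source with recent failures."""
    failures: Dict[str, Deque[datetime]] = defaultdict(deque)
    alerts: List[Alert] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, src = parse_ts(m["ts"]), m["src"]
        recent = failures[src]
        # Drop failures that fell out of the sliding window.
        while recent and (ts - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if m["result"] == "Failed":
            recent.append(ts)
            if len(recent) == threshold:  # alert once when the threshold is crossed
                alerts.append((src, "brute_force", None))
        elif recent:
            # A successful login from a source that was just failing repeatedly.
            alerts.append((src, "success_after_failures", m["user"]))
            recent.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_ssh_brute_force(SAMPLE_AUTH_LOG):
        print(alert)
```

Tune `threshold` and `window_seconds` to the environment; the success-after-failures alert is the higher-fidelity signal, because it identifies the account the attacker actually obtained.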
…to allow incoming connections or disable it entirely using netsh. [28] [29] [30] C0049 Leviathan Australian Intrusions Leviathan modified system firewalls to open two listening ports, 9998 and 9999, during Leviathan Australian Intrusions. [31] G0059 Magic Hound Magic Hound has…
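Firewall rules added with netsh remain visible in `netsh advfirewall firewall show rule name=all` output, so they can be audited against a baseline of approved inbound ports. The following added example (not part of the ATT&CK page) parses a constructed sample of that output and flags enabled inbound allow rules for TCP or UDP ports outside an approved set; the approved port set, rule names and sample text are assumptions made for the example.

```python
"""Audit exported Windows Firewall rules for inbound allow rules on
unapproved ports. The sample text mimics the layout of
`netsh advfirewall firewall show rule name=all` and is constructed."""
from typing import Dict, List, Set, Tuple

# Constructed sample output: one approved RDP rule, two innocuously named
# rules opening 9998 and 9999, a block rule, and an outbound rule.
SAMPLE_NETSH_OUTPUT = """\
Rule Name:                            Remote Desktop - User Mode (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:                             Remote Desktop
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            3389
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow

Rule Name:                            Windows Update Helper
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            9998
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow

Rule Name:                            System Health Service
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            9999
RemotePort:                           Any
Edge traversal:                       No
Action:                               Allow

Rule Name:                            Block SMB (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Protocol:                             TCP
LocalPort:                            445
RemotePort:                           Any
Action:                               Block

Rule Name:                            Core Networking - DNS (UDP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Protocol:                             UDP
LocalPort:                            Any
RemotePort:                           53
Action:                               Allow
"""

# Assumed site baseline of ports that may legitimately listen inbound.
APPROVED_INBOUND_PORTS: Set[int] = {135, 139, 445, 3389}


def parse_netsh_rules(text: str) -> List[Dict[str, str]]:
    """Split the export into one dict of 'Field: value' pairs per rule."""
    rules: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for line in text.splitlines():
        if line.startswith("Rule Name:"):
            if current:
                rules.append(current)
            current = {"Rule Name": line.split(":", 1)[1].strip()}
        elif current and ":" in line and not line.startswith("-"):
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    if current:
        rules.append(current)
    return rules


def expand_ports(spec: str) -> Set[int]:
    """Expand a LocalPort value such as '80,443' or '9998-9999'; 'Any' yields an empty set."""
    ports: Set[int] = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            ports.update(range(int(lo), int(hi) + 1))
        elif part.isdigit():
            ports.add(int(part))
    return ports


def flag_unexpected_listeners(rules: List[Dict[str, str]],
                              approved: Set[int] = APPROVED_INBOUND_PORTS
                              ) -> List[Tuple[str, str]]:
    """Return (rule name, offending ports) for enabled inbound TCP/UDP allow rules."""
    findings: List[Tuple[str, str]] = []
    for rule in rules:
        if (rule.get("Enabled") != "Yes" or rule.get("Direction") != "In"
                or rule.get("Action") != "Allow"
                or rule.get("Protocol") not in ("TCP", "UDP")):
            continue
        spec = rule.get("LocalPort", "Any")
        if spec == "Any":
            findings.append((rule["Rule Name"], "all local ports"))
            continue
        unexpected = sorted(expand_ports(spec) - approved)
        if unexpected:
            findings.append((rule["Rule Name"], ",".join(map(str, unexpected))))
    return findings


if __name__ == "__main__":
    for name, ports in flag_unexpected_listeners(parse_netsh_rules(SAMPLE_NETSH_OUTPUT)):
        print(f"{name}: unapproved inbound port(s) {ports}")
```

Run the real export with `netsh advfirewall firewall show rule name=all > rules.txt` and feed that file to `parse_netsh_rules`; rule names chosen by an intruder are usually innocuous, so the port and direction, not the name, are what to key on.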
…er 7). Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns. Retrieved June 13, 2024. DiMaggio, J. (2016, May 17). Indian organizations targeted in Suckfly attacks. Retrieved August 3, 2016. Dell SecureWorks Counter Threat Unit Threat Intelligence. (…
…l MFA prompts in the hope that the legitimate user will grant the necessary approval. [8] C0049 Leviathan Australian Intrusions Leviathan abused compromised appliance access to collect multifactor authentication token values during Leviathan Australian Intrusions. [9] C0014 Operation Wocao …
…itial foothold as well as persistence into the victim's systems. [43] [44] [45] C0049 Leviathan Australian Intrusions Leviathan relied extensively on web shells following initial access for persistence and command execution in victim environments during Leviathan Aust…
…password used to establish an SSH connection from the compromised host. [5] [6] C0049 Leviathan Australian Intrusions Leviathan captured submitted multifactor authentication codes and other technical artifacts related to remote access sessions during Leviathan Australian Intrusion…
…o victim environments by exploiting multiple known vulnerabilities over several campaigns. [97] [98] C0045 ShadowRay During ShadowRay, threat actors exploited CVE-2023-48022 on publicly exposed Ray servers to steal computing power and to expose sensitive data. [99] S0623 Silosca…
…as collected credentials from infected systems, including domain accounts. [16] C0049 Leviathan Australian Intrusions Leviathan compromised domain credentials during Leviathan Australian Intrusions. [17] G0059 Magic Hound Magic Hound has used domain administrator accounts after du…
…e servers including JIRA, GitLab, and Confluence for privilege escalation. [28] C0049 Leviathan Australian Intrusions Leviathan exploited software vulnerabilities in victim environments to escalate privileges during Leviathan Australian Intrusions. [29] G1019 MoustachedBouncer Mou…
…ra, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020. CERT-EE. (2021, January 27). Gamaredon Infection: From Dropper to Entry. Retrieved February 17, 2022. Schwarz, D. et al. (2019, October 16). TA505 Distributes New SD…