JUST RELEASED: ATT&CK for Industrial Control Systems
GROUPS
GROUPS
A-B
C-D
E-F
G-H
I-J
No groups
K-L
M-N
O-P
Q-R
S-T
U-V
No groups
W-X
Y-Z
No groups
  1. Home
  2. Groups
  3. PittyTiger

PittyTiger

PittyTiger is a threat group believed to operate out of China that uses multiple different types of malware to maintain command and control. [1] [2]

ID: G0011
Version: 1.0
Created: 31 May 2017
Last Modified: 25 March 2019
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1078 Valid Accounts

PittyTiger attempts to obtain legitimate credentials during operations.[1]

Software

ID Name References Techniques
S0032 gh0st RAT [1] [2] Command-Line Interface, Commonly Used Port, DLL Side-Loading, File Deletion, Indicator Removal on Host, Input Capture, New Service, Process Discovery, Registry Run Keys / Startup Folder, Remote File Copy, Rundll32, Screen Capture, Standard Cryptographic Protocol
S0008 gsecdump [1] Credential Dumping
S0010 Lurid [2] Custom Cryptographic Protocol, Data Compressed
S0002 Mimikatz [1] Account Manipulation, Credential Dumping, Credentials in Files, DCShadow, Pass the Hash, Pass the Ticket, Private Keys, Security Support Provider, SID-History Injection
S0012 PoisonIvy [2] Application Window Discovery, Command-Line Interface, Data from Local System, Data Staged, Input Capture, Modify Existing Service, Modify Registry, New Service, Obfuscated Files or Information, Process Injection, Registry Run Keys / Startup Folder, Remote File Copy, Rootkit, Standard Cryptographic Protocol, Uncommonly Used Port

References

  1. Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015.
  1. Villeneuve, N., Homan, J. (2014, July 31). Spy of the Tiger. Retrieved September 29, 2015.