PittyTiger

PittyTiger is a threat group believed to operate out of China that uses multiple different types of malware to maintain command and control. ^[1] ^[2]

ID: G0011

Aliases: PittyTiger

Version: 1.0

Alias Descriptions

Name	Description
PittyTiger	^[1] ^[2]

Techniques Used

Domain	ID	Name	Use
Enterprise	T1078	Valid Accounts	PittyTiger attempts to obtain legitimate credentials during operations.^[1]

Software

ID	Name	Techniques
S0032	gh0st	Command-Line Interface, DLL Side-Loading, File Deletion, Indicator Removal on Host, Input Capture, Process Discovery, Rundll32
S0008	gsecdump	Credential Dumping
S0010	Lurid	Custom Cryptographic Protocol, Data Compressed
S0002	Mimikatz	Account Manipulation, Credential Dumping, Credentials in Files, DCShadow, Pass the Hash, Pass the Ticket, Private Keys, Security Support Provider, SID-History Injection
S0012	PoisonIvy	Application Window Discovery, Command-Line Interface, Data from Local System, Data Staged, Input Capture, Modify Existing Service, Modify Registry, New Service, Obfuscated Files or Information, Process Injection, Registry Run Keys / Startup Folder, Remote File Copy, Rootkit, Standard Cryptographic Protocol, Uncommonly Used Port

References

Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015.

Villeneuve, N., Homan, J. (2014, July 31). Spy of the Tiger. Retrieved September 29, 2015.