PittyTiger

PittyTiger is a threat group believed to operate out of China that uses multiple different types of malware to maintain command and control. ^[1] ^[2]

ID: G0011

Version: 1.0

Techniques Used

Domain	ID	Name	Use
Enterprise	T1078	Valid Accounts	PittyTiger attempts to obtain legitimate credentials during operations.^[1]

Software

ID	Name	References	Techniques
S0032	gh0st RAT	^[1]^[2]	Command-Line Interface, Commonly Used Port, DLL Side-Loading, File Deletion, Indicator Removal on Host, Input Capture, New Service, Process Discovery, Registry Run Keys / Startup Folder, Remote File Copy, Rundll32, Screen Capture, Standard Cryptographic Protocol
S0008	gsecdump	^[1]	Credential Dumping
S0010	Lurid	^[2]	Custom Cryptographic Protocol, Data Compressed
S0002	Mimikatz	^[1]	Account Manipulation, Credential Dumping, Credentials in Files, DCShadow, Pass the Hash, Pass the Ticket, Private Keys, Security Support Provider, SID-History Injection
S0012	PoisonIvy	^[2]	Application Window Discovery, Command-Line Interface, Data from Local System, Data Staged, Input Capture, Modify Existing Service, Modify Registry, New Service, Obfuscated Files or Information, Process Injection, Registry Run Keys / Startup Folder, Remote File Copy, Rootkit, Standard Cryptographic Protocol, Uncommonly Used Port

References

Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015.

Villeneuve, N., Homan, J. (2014, July 31). Spy of the Tiger. Retrieved September 29, 2015.