Threat Group-1314

Threat Group-1314 is an unattributed threat group that has used compromised credentials to log into a victim's remote access infrastructure. [1]

ID: G0028
Version: 1.0

Associated Group Descriptions


Techniques Used

Domain | ID | Name | Use
Enterprise | T1059 | Command-Line Interface | Threat Group-1314 actors spawned shells on remote systems on a victim network to execute commands. [1]
Enterprise | T1072 | Third-party Software | Threat Group-1314 actors used a victim's endpoint management platform, Altiris, for lateral movement. [1]
Enterprise | T1078 | Valid Accounts | Threat Group-1314 actors used compromised credentials for the victim's endpoint management platform, Altiris, to move laterally. [1]
Enterprise | T1077 | Windows Admin Shares | Threat Group-1314 actors mapped network drives using net use. [1]


ID | Name | References | Techniques
S0039 | Net | [1] | Account Discovery, Create Account, Network Share Connection Removal, Network Share Discovery, Password Policy Discovery, Permission Groups Discovery, Remote System Discovery, Service Execution, System Network Connections Discovery, System Service Discovery, System Time Discovery, Windows Admin Shares
S0029 | PsExec | [1] | Service Execution, Windows Admin Shares