Property:Has description


This is a property of type String.

Pages using the property "Has description"

Showing 25 pages using this property.


Collection: Collection consists of techniques used to identify and gather information, such as sensitive files, from a target network prior to exfiltration. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.
Command and Control: The command and control tactic represents how adversaries communicate with systems under their control within a target network. There are many ways an adversary can establish command and control with various levels of covertness, depending on system configuration and network topology. Due to the wide degree of variation available to the adversary at the network level, only the most common factors were used to describe the differences in command and control. There are still a great many specific techniques within the documented methods, largely due to how easy it is to define new protocols and use existing, legitimate protocols and network services for communication. The resulting breakdown should help convey the concept that detecting intrusion through command and control protocols without prior knowledge is a difficult proposition over the long term. Adversaries' main constraints in network-level defense avoidance are testing and deployment of tools to rapidly change their protocols, awareness of existing defensive technologies, and access to legitimate Web services that, when used appropriately, make their tools difficult to distinguish from benign traffic.
Credential Access: Credential access represents techniques resulting in access to or control over system, domain, or service credentials that are used within an enterprise environment. Adversaries will likely attempt to obtain legitimate credentials from users or administrator accounts (local system administrator or domain users with administrator access) to use within the network. This allows the adversary to assume the identity of the account, with all of that account's permissions on the system and network, and makes it harder for defenders to detect the adversary. With sufficient access within a network, an adversary can create accounts for later use within the environment.
Defense Evasion: Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses. Sometimes these actions are the same as or variations of techniques in other categories that have the added benefit of subverting a particular defense or mitigation. Defense evasion may be considered a set of attributes the adversary applies to all other phases of the operation.
Discovery: Discovery consists of techniques that allow the adversary to gain knowledge about the system and internal network. When adversaries gain access to a new system, they must orient themselves to what they now have control of and what benefits operating from that system give to their current objective or overall goals during the intrusion. The operating system provides many native tools that aid in this post-compromise information-gathering phase.
Execution: The execution tactic represents techniques that result in execution of adversary-controlled code on a local or remote system. This tactic is often used in conjunction with initial access as the means of executing code once access is obtained, and lateral movement to expand access to remote systems on a network.
Exfiltration: Exfiltration refers to techniques and attributes that result or aid in the adversary removing files and information from a target network. This category also covers locations on a system or network where the adversary may look for information to exfiltrate.
Group: APT1, Comment Crew, ...: [[Group/G0006|APT1]] is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398.[[CiteRef::Mandiant APT1]]
Group: APT12, IXESHE, ...: [[Group/G0005|APT12]] is a threat group that has been attributed to China.[[CiteRef::Meyers Numbered Panda]]
Group: APT16: [[Group/G0023|APT16]] is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations.[[CiteRef::FireEye EPS Awakens Part 2]]
Group: APT17, Deputy Dog: [[Group/G0025|APT17]] is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations.[[CiteRef::FireEye APT17]]
Group: APT18, Threat Group-0416, ...: [[Group/G0026|APT18]] is a threat group that has operated since at least 2009 and has targeted a range of industries, including technology, manufacturing, human rights groups, government, and medical.[[CiteRef::Dell Lateral Movement]]
Group: APT28, Sednit, ...: [[Group/G0007|APT28]] is a threat group that has been attributed to the Russian government.[[CiteRef::FireEye APT28]][[CiteRef::SecureWorks TG-4127]][[CiteRef::FireEye APT28 January 2017]][[CiteRef::GRIZZLY STEPPE JAR]] This group reportedly compromised the Democratic National Committee in April 2016.[[CiteRef::Crowdstrike DNC June 2016]]
Group: APT29, The Dukes, ...: [[Group/G0016|APT29]] is a threat group that has been attributed to the Russian government and has operated since at least 2008.[[CiteRef::F-Secure The Dukes]][[CiteRef::GRIZZLY STEPPE JAR]] This group reportedly compromised the Democratic National Committee starting in the summer of 2015.[[CiteRef::Crowdstrike DNC June 2016]]
Group: APT3, Gothic Panda, ...: [[Group/G0022|APT3]] is a China-based threat group that researchers have attributed to China's Ministry of State Security.[[CiteRef::FireEye Clandestine Wolf]][[CiteRef::Recorded Future APT3 May 2017]] This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap.[[CiteRef::FireEye Clandestine Wolf]][[CiteRef::FireEye Operation Double Tap]] As of June 2015, the group appears to have shifted from targeting primarily US victims to primarily political organizations in Hong Kong.[[CiteRef::Symantec Buckeye]] [[Adversary Emulation Plans|APT3 Adversary Emulation Plan]]
Group: APT30: [[Group/G0013|APT30]] is a threat group suspected to be associated with the Chinese government.[[CiteRef::FireEye APT30]] While [[Group/G0019|Naikon]] shares some characteristics with [[Group/G0013|APT30]], the two groups do not appear to be exact matches.[[CiteRef::Baumgartner Golovkin Naikon 2015]]
Group: APT32, OceanLotus Group: [[Group/G0050|APT32]] is a threat group that has been active since at least 2014. The group has targeted multiple private sector industries as well as foreign governments, dissidents, and journalists, and has extensively used strategic web compromises to compromise victims. The group is believed to be Vietnam-based.[[CiteRef::FireEye APT32 May 2017]][[CiteRef::Volexity OceanLotus Nov 2017]]
Group: APT33: [[Group/G0064|APT33]] is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors.[[CiteRef::FireEye APT33 Sept 2017]][[CiteRef::FireEye APT33 Webinar Sept 2017]]
Group: APT34: [[Group/G0057|APT34]] is an Iranian cyber espionage group that has been active since at least 2014. The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. FireEye assesses that the group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests. [[Group/G0057|APT34]] loosely aligns with public reporting related to [[Group/G0049|OilRig]], but may not wholly align due to companies tracking threat groups in different ways.[[CiteRef::FireEye APT34 Dec 2017]]
Group: APT37, ScarCruft, ...: [[Group/G0067|APT37]] is a suspected North Korean cyber espionage group that has been active since at least 2012. The group has targeted victims primarily in South Korea, but also in Japan, Vietnam, Russia, Nepal, China, India, Romania, Kuwait, and other parts of the Middle East. The group was believed to be responsible for a 2016 campaign known as Operation Daybreak as well as an earlier campaign known as Operation Erebus.[[CiteRef::FireEye APT37 Feb 2018]][[CiteRef::Securelist ScarCruft Jun 2016]]
Group: Axiom, Group 72: [[Group/G0001|Axiom]] is a cyber espionage group suspected to be associated with the Chinese government. It is responsible for the Operation SMN campaign.[[CiteRef::Axiom]] Though both this group and [[Group/G0044|Winnti Group]] use the malware [[Software/S0141|Winnti]], the two groups appear to be distinct based on differences in reporting on the groups' TTPs and targeting.[[CiteRef::Kaspersky Winnti April 2013]][[CiteRef::Kaspersky Winnti June 2015]][[CiteRef::Novetta Winnti April 2015]]
Group: BRONZE BUTLER, REDBALDKNIGHT, Tick: [[Group/G0060|BRONZE BUTLER]] is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in government, biotechnology, electronics manufacturing, and industrial chemistry.[[CiteRef::Trend Micro Daserf Nov 2017]][[CiteRef::Secureworks BRONZE BUTLER Oct 2017]]
Group: BlackOasis: [[Group/G0063|BlackOasis]] is a Middle Eastern threat group that is believed to be a customer of Gamma Group. The group has shown interest in prominent figures in the United Nations, as well as opposition bloggers, activists, regional news correspondents, and think tanks.[[CiteRef::Securelist BlackOasis Oct 2017]][[CiteRef::Securelist APT Trends Q2 2017]] A group known by Microsoft as [[Group/G0055|NEODYMIUM]] is reportedly associated closely with [[Group/G0063|BlackOasis]] operations, but evidence that the group names are aliases has not been identified.[[CiteRef::CyberScoop BlackOasis Oct 2017]]
Group: Carbanak, Anunak, Carbon Spider: [[Group/G0008|Carbanak]] is a threat group that mainly targets banks. It also refers to malware of the same name ([[Software/S0030|Carbanak]]). It is sometimes referred to as [[Group/G0046|FIN7]], but these appear to be two groups using the same [[Software/S0030|Carbanak]] malware and are therefore tracked separately.[[CiteRef::Kaspersky Carbanak]][[CiteRef::FireEye FIN7 April 2017]]
Group: Charming Kitten: [[Group/G0058|Charming Kitten]] is an Iranian cyber espionage group that has been active since approximately 2014. They appear to focus on targeting individuals of interest to Iran who work in academic research, human rights, and media, with most victims having been located in Iran, the US, Israel, and the UK. [[Group/G0058|Charming Kitten]] usually tries to access private email and Facebook accounts, and sometimes establishes a foothold on victim computers as a secondary objective. The group's TTPs overlap extensively with another group, [[Group/G0059|Rocket Kitten]], resulting in reporting that may not distinguish between the two groups' activities.[[CiteRef::ClearSky Charming Kitten Dec 2017]]