Update analysis.md

StrangerealIntel 2019-11-11 02:13:22 +01:00 committed by GitHub
parent 6c472a08e8
commit e771f016c7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -927,7 +927,7 @@ function PulsetoC2($rid)
|Execution|Scripting<br>PowerShell|https://attack.mitre.org/techniques/T1064/<br>https://attack.mitre.org/techniques/T1086/| |Execution|Scripting<br>PowerShell|https://attack.mitre.org/techniques/T1064/<br>https://attack.mitre.org/techniques/T1086/|
|Defense Evasion|Scripting|https://attack.mitre.org/techniques/T1064/| |Defense Evasion|Scripting|https://attack.mitre.org/techniques/T1064/|
|Discovery|Account Discovery<br/>System Information Discovery<br/>System Time Discovery<br/>Query Registry|https://attack.mitre.org/techniques/T1087/<br/>https://attack.mitre.org/techniques/T1082/<br/>https://attack.mitre.org/techniques/T1124/<br/>https://attack.mitre.org/techniques/T1012/| |Discovery|Account Discovery<br/>System Information Discovery<br/>System Time Discovery<br/>Query Registry|https://attack.mitre.org/techniques/T1087/<br/>https://attack.mitre.org/techniques/T1082/<br/>https://attack.mitre.org/techniques/T1124/<br/>https://attack.mitre.org/techniques/T1012/|
|Collection|Data from Local System https://attack.mitre.org/techniques/T1005/| |Collection|Data from Local System|https://attack.mitre.org/techniques/T1005/|
|Command And Control|Data Encoding|https://attack.mitre.org/techniques/T1132/| |Command And Control|Data Encoding|https://attack.mitre.org/techniques/T1132/|
|Exfiltration|Data Encrypted|https://attack.mitre.org/techniques/T1022/| |Exfiltration|Data Encrypted|https://attack.mitre.org/techniques/T1022/|
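Review bot: the only functional change in this hunk is the Collection row, where the missing `|` between `Data from Local System` and `https://attack.mitre.org/techniques/T1005/` is restored so the technique name and its link render as two cells instead of one merged cell; that fix is correct. While here, the Execution row breaks lines with `<br>` whereas the Discovery row uses `<br/>`; both render, but using the `<br/>` form throughout would keep the table markup consistent.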
@ -937,8 +937,8 @@ function PulsetoC2($rid)
| :---------------: |:-------------| :------------- | | :---------------: |:-------------| :------------- |
|Execution|Scripting|https://attack.mitre.org/techniques/T1064/| |Execution|Scripting|https://attack.mitre.org/techniques/T1064/|
|Defense Evasion|Scripting|https://attack.mitre.org/techniques/T1064/| |Defense Evasion|Scripting|https://attack.mitre.org/techniques/T1064/|
|Discovery|Account Discovery<br/>System Information Discovery<br/>System Time Discovery<br/>Query Registry|https://attack.mitre.org/techniques/T1087/<br/>https://attack.mitre.org/techniques/T1082/<br/>https://attack.mitre.org/techniques/T1124/<br/>https://attack.mitre.org/techniques/T1012/| |Discovery|Account Discovery<br/>System Information Discovery<br/>System Time Discovery|https://attack.mitre.org/techniques/T1087/<br/>https://attack.mitre.org/techniques/T1082/<br/>https://attack.mitre.org/techniques/T1124/|
|Collection|Data from Local System https://attack.mitre.org/techniques/T1005/| |Collection|Data from Local System|https://attack.mitre.org/techniques/T1005/|
|Command And Control|Data Encoding|https://attack.mitre.org/techniques/T1132/| |Command And Control|Data Encoding|https://attack.mitre.org/techniques/T1132/|
|Exfiltration|Data Encrypted|https://attack.mitre.org/techniques/T1022/| |Exfiltration|Data Encrypted|https://attack.mitre.org/techniques/T1022/|
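Review bot: besides the same Collection-row pipe fix, this hunk silently drops `Query Registry` and its `https://attack.mitre.org/techniques/T1012/` link from the Discovery row, leaving three techniques where the first table still lists four. The commit message (`Update analysis.md`) does not say why; if this second sample does not query the registry, that is a substantive correction to the technique mapping and should be stated in the commit message, and if it does, the entry should be restored rather than removed.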
@ -1031,6 +1031,10 @@ function PulsetoC2($rid)
<h6> This can be exported as JSON format <a href="https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/North%20Korea/APT/Lazarus/23-10-19/Json/Others_Dtrack.json">Export in JSON</a></h6> <h6> This can be exported as JSON format <a href="https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/North%20Korea/APT/Lazarus/23-10-19/Json/Others_Dtrack.json">Export in JSON</a></h6>
<h2>Yara Rules<a name="Yara"></a></h2> <h2>Yara Rules<a name="Yara"></a></h2>
<h6> A list of YARA Rule is available <a href="https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/North%20Korea/APT/Lazarus/23-10-19/YARA_Rule_Lazarus_October_2019.yar">here</a></h6> <h6> A list of YARA Rule is available <a href="https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/North%20Korea/APT/Lazarus/23-10-19/YARA_Rule_Lazarus_October_2019.yar">here</a></h6>
<h2>Knowledge Graph<a name="Knowledge"></a></h2>
<p align="center">
<img src="https://raw.githubusercontent.com/StrangerealIntel/CyberThreatIntel/master/North%20Korea/APT/Lazarus/23-10-19/Analysis/CTI.png">
</p>
<h2>Links <a name="Links"></a></h2> <h2>Links <a name="Links"></a></h2>
<h6> Originals tweets: </h6> <h6> Originals tweets: </h6>
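Review bot: the new `<img>` in the Knowledge Graph section carries no `alt` attribute, so readers without images (and text-only tooling that ingests this report) get nothing from the section; add one, for example `alt="Knowledge graph of the analysed samples"`. The `<a name="Knowledge">` anchor follows the convention of the surrounding headings, so any table of contents on the page that links to `#Yara` and `#Links` should also gain an entry for `#Knowledge`.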