DeTTECT/threat-actor-data/20191001-CrowdStrike-softwa...
# Targeted adversary tools

Source: page 8 of the CrowdStrike OverWatch 2019 mid-year report

## Legitimate Tools Used by Targeted Adversaries

| Prevalence | Software | ATT&CK ID |
|---|---|---|
| 1 | PsExec | S0029 |
| 2 | ProcDump | |
| 3 | PC Hunter | |
| 4 | 7-Zip | |
| 5 | Nmap | |
| 6 | Netcat | |
| 7 | Process Hacker | |
| 8 | SMBexec | |
| 9 | RemotelyAnywhere | |
| 10 | PuTTY | |

## Pen-Testing Tools Used in Targeted Intrusions

| Prevalence | Software | ATT&CK ID |
|---|---|---|
| 1 | Mimikatz | S0002 |
| 2 | PowerShell Empire | S0363 |
| 3 | Cobalt Strike | S0154 |
| 4 | reGeorg | |
| 5 | Powerkatz | |
| 6 | PowerSploit | S0194 |
| 7 | Meterpreter | |
| 8 | Masscan | |
| 9 | RottenPotatoNG | |
| 10 | Powercat | |

## Implants Typically Associated with State-Sponsored Actors

| Prevalence | Software | ATT&CK ID |
|---|---|---|
| 1 | China Chopper | S0020 |
| 2 | Winnti | S0141 |
| 3 | BabyShark | S0414 |
| 4 | RbDoor | |
| 5 | QuasarRAT | S0262 |
| 6 | PlugX | S0013 |
| 7 | Mozi RAT | |
| 8 | Hawup | |
| 9 | Evora | |
| 10 | Elise | S0081 |