DeTTECT/threat-actor-data/20191001-CrowdStrike-softwa...

48 lines
1.8 KiB
Markdown

# Targeted adversary tools
*Source: page 8 - CrowdStrike OverWatch 2019 mid-year report*
### Legitimate Tools Used by Targeted Adversaries
| prevalence | Software | ATT&CK ID |
|:-----------|:-----------------|:----------|
| 1 | PsExec | S0029 |
| 2 | ProcDump | |
| 3 | PC Hunter | |
| 4 | 7-Zip | |
| 5 | Nmap | |
| 6 | Netcat | |
| 7 | Process Hacker | |
| 8 | SMBexec | |
| 9 | RemotelyAnywhere | |
| 10 | PuTTY | |
### Pen-Testing Tools Used in Targeted Intrusions
| Prevalence | Software | ATT&CK ID |
|:-----------|:------------------|:----------|
| 1 | Mimikatz | S0002 |
| 2 | PowerShell Empire | S0363 |
| 3 | Cobalt Strike | S0154 |
| 4 | reGeorg | |
| 5 | Powerkatz | |
| 6 | PowerSploit | S0194 |
| 7 | Meterpreter | |
| 8 | Masscan | |
| 9 | RottenPotatoNG | |
| 10 | Powercat | |
### Implants Typically Associated with State-Sponsored Actors
| Prevalence | Software | ATT&CK ID |
|:-----------|:--------------|:----------|
| 1 | China Chopper | S0020 |
| 2 | Winnti | S0141 |
| 3 | BabyShark | S0414 |
| 4 | RbDoor | |
| 5 | QuasarRAT | S0262 |
| 6 | PlugX | S0013 |
| 7 | Mozi RAT | |
| 8 | Hawup | |
| 9 | Evora | |
| 10 | Elise | S0081 |