# Targeted adversary tools

*Source: page 8 - CrowdStrike OverWatch 2019 mid-year report*

### Legitimate Tools Used by Targeted Adversaries

| Prevalence | Software         | ATT&CK ID |
|:-----------|:-----------------|:----------|
| 1          | PsExec           | S0029     |
| 2          | ProcDump         |           |
| 3          | PC Hunter        |           |
| 4          | 7-Zip            |           |
| 5          | Nmap             |           |
| 6          | Netcat           |           |
| 7          | Process Hacker   |           |
| 8          | SMBexec          |           |
| 9          | RemotelyAnywhere |           |
| 10         | PuTTY            |           |

### Pen-Testing Tools Used in Targeted Intrusions

| Prevalence | Software          | ATT&CK ID |
|:-----------|:------------------|:----------|
| 1          | Mimikatz          | S0002     |
| 2          | PowerShell Empire | S0363     |
| 3          | Cobalt Strike     | S0154     |
| 4          | reGeorg           |           |
| 5          | Powerkatz         |           |
| 6          | PowerSploit       | S0194     |
| 7          | Meterpreter       |           |
| 8          | Masscan           |           |
| 9          | RottenPotatoNG    |           |
| 10         | Powercat          |           |

### Implants Typically Associated with State-Sponsored Actors

| Prevalence | Software      | ATT&CK ID |
|:-----------|:--------------|:----------|
| 1          | China Chopper | S0020     |
| 2          | Winnti        | S0141     |
| 3          | BabyShark     | S0414     |
| 4          | RbDoor        |           |
| 5          | QuasarRAT     | S0262     |
| 6          | PlugX         | S0013     |
| 7          | Mozi RAT      |           |
| 8          | Hawup         |           |
| 9          | Evora         |           |
| 10         | Elise         | S0081     |