Tracking Adversary Software Activities

Track Common Adversary Tasks Performed Using Cobalt Strike

Presented by: Ashwin (Microsoft Azure MVP)

Cobalt Strike is a commercial, full-featured, remote access tool that bills itself as "adversary simulation software designed to execute targeted attacks and emulate the post-exploitation actions of advanced threat actors". Cobalt Strike’s interactive post-exploit capabilities cover the full range of ATT&CK tactics, all executed within a single, integrated system.

In addition to its own capabilities, Cobalt Strike leverages the capabilities of other well-known tools such as Metasploit and Mimikatz.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Mimikatz

Presented by: Ashwin (Microsoft Azure MVP)

Mimikatz is a credential dumper capable of obtaining plaintext Windows account logins and passwords, along with many other features that make it useful for testing the security of networks.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these activities.


Track Common Adversary Tasks Performed Using PsExec

Presented by: Ashwin (Microsoft Azure MVP)

PsExec is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these activities.


Track Common Adversary Tasks Performed Using 3PARA RAT

Presented by: Ashwin (Microsoft Azure MVP)

3PARA RAT is a remote access tool (RAT) programmed in C++ that has been used by Putter Panda.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these activities.


Track Common Adversary Tasks Performed Using 4H RAT

Presented by: Ashwin (Microsoft Azure MVP)

4H RAT is malware that has been used by Putter Panda since at least 2007.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using AADInternals

Presented by: Ashwin (Microsoft Azure MVP)

AADInternals is a PowerShell-based framework for administering, enumerating, and exploiting Azure Active Directory. The tool is publicly available on GitHub.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using ABK

Presented by: Ashwin (Microsoft Azure MVP)

ABK is a downloader that has been used by BRONZE BUTLER since at least 2019.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using ACAD/Medre.A

Presented by: Ashwin (Microsoft Azure MVP)

ACAD/Medre.A is a worm that steals operational information. The worm collects AutoCAD files with drawings. ACAD/Medre.A has the capability to be used for industrial espionage.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using adbupd

Presented by: Ashwin (Microsoft Azure MVP)

adbupd is a backdoor used by PLATINUM that is similar to Dipsind.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using AdFind

Presented by: Ashwin (Microsoft Azure MVP)

AdFind is a free command-line query tool that can be used for gathering information from Active Directory.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Adups

Presented by: Ashwin (Microsoft Azure MVP)

Adups is software that was pre-installed onto Android devices, including those made by BLU Products. The software was reportedly designed to help a Chinese phone manufacturer monitor user behavior, transferring sensitive data to a Chinese server.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using ADVSTORESHELL

Presented by: Ashwin (Microsoft Azure MVP)

ADVSTORESHELL is a spying backdoor that has been used by APT28 from at least 2012 to 2016. It is generally used for long-term espionage and is deployed on targets deemed interesting after a reconnaissance phase.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Agent Smith

Presented by: Ashwin (Microsoft Azure MVP)

Agent Smith is mobile malware that generates financial gain by replacing legitimate applications on devices with malicious versions that include fraudulent ads. As of July 2019 Agent Smith had infected around 25 million devices, primarily targeting India though effects had been observed in other Asian countries as well as Saudi Arabia, the United Kingdom, and the United States.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Agent Tesla

Presented by: Ashwin (Microsoft Azure MVP)

Agent Tesla is a spyware Trojan written for the .NET framework that has been observed since at least 2014.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Agent.btz

Presented by: Ashwin (Microsoft Azure MVP)

Agent.btz is a worm that primarily spreads itself via removable devices such as USB drives. It reportedly infected U.S. military networks in 2008.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Allwinner

Presented by: Ashwin (Microsoft Azure MVP)

Allwinner is a company that supplies processors used in Android tablets and other devices. A Linux kernel distributed by Allwinner for use on these devices reportedly contained a backdoor.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Anchor

Presented by: Ashwin (Microsoft Azure MVP)

Anchor is one of a family of backdoor malware that has been used in conjunction with TrickBot on selected high profile targets since at least 2018.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Android/AdDisplay.Ashas

Presented by: Ashwin (Microsoft Azure MVP)

Android/AdDisplay.Ashas is a variant of adware that has been distributed through multiple apps in the Google Play Store.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Android/Chuli.A

Presented by: Ashwin (Microsoft Azure MVP)

Android/Chuli.A is Android malware that was delivered to activist groups via a spearphishing email with an attachment.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using ANDROIDOS_ANSERVER.A

Presented by: Ashwin (Microsoft Azure MVP)

ANDROIDOS_ANSERVER.A is Android malware that is unique because it uses encrypted content within a blog site for command and control.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using AndroidOS/MalLocker.B

Presented by: Ashwin (Microsoft Azure MVP)

AndroidOS/MalLocker.B is a variant of a ransomware family targeting Android devices. It prevents the user from interacting with the UI by displaying a screen containing a ransom note over all other windows.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using AndroRAT

Presented by: Ashwin (Microsoft Azure MVP)

AndroRAT is malware that allows a third party to control the device and collect information.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Anubis

Presented by: Ashwin (Microsoft Azure MVP)

Anubis is Android malware that was originally used for cyber espionage, and has been retooled as a banking trojan.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using AppleJeus

Presented by: Ashwin (Microsoft Azure MVP)

AppleJeus is a family of downloaders initially discovered in 2018 embedded within trojanized cryptocurrency applications. AppleJeus has been used by Lazarus Group, targeting companies in the energy, finance, government, industry, technology, and telecommunications sectors, and several countries including the United States, United Kingdom, South Korea, Australia, Brazil, New Zealand, and Russia. AppleJeus has been used to distribute the FALLCHILL RAT.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using AppleSeed

Presented by: Ashwin (Microsoft Azure MVP)

AppleSeed is a backdoor that has been used by Kimsuky to target South Korean government, academic, and commercial targets since at least 2021.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using ASPXSpy

Presented by: Ashwin (Microsoft Azure MVP)

ASPXSpy is a Web shell. It has been modified by Threat Group-3390 actors to create the ASPXTool version.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Aria-body

Presented by: Ashwin (Microsoft Azure MVP)

Aria-body is a custom backdoor that has been used by Naikon since approximately 2017.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Arp

Presented by: Ashwin (Microsoft Azure MVP)

Arp displays and modifies information about a system's Address Resolution Protocol (ARP) cache.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Asacub

Presented by: Ashwin (Microsoft Azure MVP)

Asacub is a banking trojan that attempts to steal money from victims’ bank accounts. It attempts to do this by initiating a wire transfer via SMS message from compromised devices.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Astaroth

Presented by: Ashwin (Microsoft Azure MVP)

Astaroth is a Trojan and information stealer known to affect companies in Europe, Brazil, and throughout Latin America. It has been known publicly since at least late 2017.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Attor

Presented by: Ashwin (Microsoft Azure MVP)

Attor is a Windows-based espionage platform that has been seen in use since 2013. Attor has a loadable plugin architecture to customize functionality for specific targets.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using AuditCred

Presented by: Ashwin (Microsoft Azure MVP)

AuditCred is a malicious DLL that has been used by Lazarus Group during their 2018 attacks.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using AutoIt backdoor

Presented by: Ashwin (Microsoft Azure MVP)

AutoIt backdoor is malware that has been used by the actors responsible for the MONSOON campaign. The actors frequently used it in weaponized .pps files exploiting CVE-2014-6352. This malware makes use of the legitimate scripting language for Windows GUI automation with the same name.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Avaddon

Presented by: Ashwin (Microsoft Azure MVP)

Avaddon is ransomware written in C++ that has been offered as Ransomware-as-a-Service (RaaS) since at least June 2020.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Avenger

Presented by: Ashwin (Microsoft Azure MVP)

Avenger is a downloader that has been used by BRONZE BUTLER since at least 2019.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Azorult

Presented by: Ashwin (Microsoft Azure MVP)

Azorult is a commercial Trojan that is used to steal information from compromised hosts. Azorult has been observed in the wild as early as 2016. In July 2018, Azorult was seen used in a spearphishing campaign against targets in North America. Azorult has been seen used for cryptocurrency theft.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Babuk

Presented by: Ashwin (Microsoft Azure MVP)

Babuk is a Ransomware-as-a-service (RaaS) malware that has been used since at least 2021. The operators of Babuk employ a "Big Game Hunting" approach to targeting major enterprises and operate a leak site to post stolen data as part of their extortion scheme.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BabyShark

Presented by: Ashwin (Microsoft Azure MVP)

BabyShark is a Microsoft Visual Basic (VB) script-based malware family that is believed to be associated with several North Korean campaigns.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BackConfig

Presented by: Ashwin (Microsoft Azure MVP)

BackConfig is a custom Trojan with a flexible plugin architecture that has been used by Patchwork.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Backdoor.Oldrea

Presented by: Ashwin (Microsoft Azure MVP)

Backdoor.Oldrea is a modular backdoor that has been used by Dragonfly against energy companies since at least 2013. Backdoor.Oldrea was distributed via supply chain compromise, and included specialized modules to enumerate and map ICS-specific systems, processes, and protocols.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BACKSPACE

Presented by: Ashwin (Microsoft Azure MVP)

BACKSPACE is a backdoor used by APT30 that dates back to at least 2005.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Bad Rabbit

Presented by: Ashwin (Microsoft Azure MVP)

Bad Rabbit is a self-propagating ransomware that affected the Ukrainian transportation sector in 2017. Bad Rabbit has also targeted organizations and consumers in Russia.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BADCALL

Presented by: Ashwin (Microsoft Azure MVP)

BADCALL is a Trojan malware variant used by the group Lazarus Group.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BADFLICK

Presented by: Ashwin (Microsoft Azure MVP)

BADFLICK is a backdoor used by Leviathan in spearphishing campaigns first reported in 2018 that targeted the U.S. engineering and maritime industries.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BADNEWS

Presented by: Ashwin (Microsoft Azure MVP)

BADNEWS is malware that has been used by the actors responsible for the Patchwork campaign. Its name was given due to its use of RSS feeds, forums, and blogs for command and control.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BadPatch

Presented by: Ashwin (Microsoft Azure MVP)

BadPatch is a Windows Trojan that was used in a Gaza Hackers-linked campaign.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Bandook

Presented by: Ashwin (Microsoft Azure MVP)

Bandook is a commercially available RAT, written in Delphi and C++, that has been available since at least 2007. It has been used against government, financial, energy, healthcare, education, IT, and legal organizations in the US, South America, Europe, and Southeast Asia. Bandook has been used by Dark Caracal, as well as in a separate campaign referred to as "Operation Manul".

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Bankshot

Presented by: Ashwin (Microsoft Azure MVP)

Bankshot is a remote access tool (RAT) that was first reported by the Department of Homeland Security in December of 2017. In 2018, Lazarus Group used the Bankshot implant in attacks against the Turkish financial sector.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Bazar

Presented by: Ashwin (Microsoft Azure MVP)

Bazar is a downloader and backdoor that has been used since at least April 2020, with infections primarily against professional services, healthcare, manufacturing, IT, logistics and travel companies across the US and Europe. Bazar reportedly has ties to TrickBot campaigns and can be used to deploy additional malware, including ransomware, and to steal sensitive data.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BBK

Presented by: Ashwin (Microsoft Azure MVP)

BBK is a downloader that has been used by BRONZE BUTLER since at least 2019.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BBSRAT

Presented by: Ashwin (Microsoft Azure MVP)

BBSRAT is malware with remote access tool functionality that has been used in targeted compromises.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BendyBear

Presented by: Ashwin (Microsoft Azure MVP)

BendyBear is an x64 shellcode for a stage-zero implant designed to download malware from a C2 server. First discovered in August 2020, BendyBear shares a variety of features with Waterbear, malware previously attributed to the Chinese cyber espionage group BlackTech.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BISCUIT

Presented by: Ashwin (Microsoft Azure MVP)

BISCUIT is a backdoor that has been used by APT1 since as early as 2007.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Bisonal

Presented by: Ashwin (Microsoft Azure MVP)

Bisonal is a remote access tool (RAT) that has been used by Tonto Team against public and private sector organizations in Russia, South Korea, and Japan since at least December 2010.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BitPaymer

Presented by: Ashwin (Microsoft Azure MVP)

BitPaymer is a ransomware variant first observed in August 2017 targeting hospitals in the U.K. BitPaymer uses a unique encryption key, ransom note, and contact information for each operation. BitPaymer has several indicators suggesting overlap with the Dridex malware and is often delivered via Dridex.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BITSAdmin

Presented by: Ashwin (Microsoft Azure MVP)

BITSAdmin is a command line tool used to create and manage BITS Jobs.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BLACKCOFFEE

Presented by: Ashwin (Microsoft Azure MVP)

BLACKCOFFEE is malware that has been used by several Chinese groups since at least 2013.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BlackEnergy

Presented by: Ashwin (Microsoft Azure MVP)

BADFLICK is a backdoor used by Leviathan in spearphishing campaigns first reported in 2018 that targeted the U.S. engineering and maritime industries.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BlackMould

Presented by: Ashwin (Microsoft Azure MVP)

BlackMould is a web shell based on China Chopper for servers running Microsoft IIS. First reported in December 2019, it has been used in malicious campaigns by GALLIUM against telecommunication providers.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BLINDINGCAN

Presented by: Ashwin (Microsoft Azure MVP)

BLINDINGCAN is a remote access Trojan that has been used by the North Korean government since at least early 2020 in cyber operations against defense, engineering, and government organizations in Western Europe and the US.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BloodHound

Presented by: Ashwin (Microsoft Azure MVP)

BloodHound is an Active Directory (AD) reconnaissance tool that can reveal hidden relationships and identify attack paths within an AD environment.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BLUELIGHT

Presented by: Ashwin (Microsoft Azure MVP)

BLUELIGHT is a remote access Trojan used by APT37 that was first observed in early 2021.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using Bonadan

Presented by: Ashwin (Microsoft Azure MVP)

Bonadan is a malicious version of OpenSSH which acts as a custom backdoor. Bonadan has been active since at least 2018 and combines a new cryptocurrency-mining module with the same credential-stealing module used by the Onderon family of backdoors.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.


Track Common Adversary Tasks Performed Using BONDUPDATER

Presented by: Ashwin (Microsoft Azure MVP)

BONDUPDATER is a PowerShell backdoor used by OilRig. It was first observed in November 2017 during targeting of a Middle Eastern government organization, and an updated version was observed in August 2018 being used to target a government organization with spearphishing emails.

Source:

MITRE ATT&CK® Matrix for Enterprise


Now, let's see the details around the series of events associated with this software in chronological order, and how we can work to mitigate or detect these threats.