
[Intel]: https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/ #64

Open
timb-machine opened this issue Apr 19, 2022 · 0 comments

Comments

timb-machine (Owner) commented Apr 19, 2022

Area

Malware reports

Parent threat

Defense Evasion, Discovery, Lateral Movement, Collection, Command and Control, Impact

Finding

https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/

Industry reference

attack:T1602.001:SNMP (MIB Dump)
attack:T1070.002:Clear Linux or Mac System Logs
attack:T1046:Network Service Discovery
attack:T1018:Remote System Discovery
attack:T1110.002:Password Cracking
attack:T1110.003:Password Spraying
attack:T1555:Credentials from Password Stores
attack:T1040:Packet Capture
attack:T1071.001:Web Protocols
attack:T1071.002:File Transfer Protocols
attack:T1071.004:DNS
attack:T1021.002:SMB/Windows Admin Shares
attack:T1021.004:SSH
attack:T1021.005:VNC
attack:T1590:Gather Victim Network Information
attack:T1590.002:DNS
attack:T1027.002:Software Packing
attack:T1001:Data Obfuscation
attack:T1070.004:File Deletion

Malware reference

#134
STEELCORGI
netcat
unixcat
netcat-ssl
telnet
traceroute
traceroute-tcp
traceroute-tcpfin
traceroute-udp
traceroute-icmp
traceroute-all
tftpd
HEAD
GET
sniff
nfsshell
ssh
ricochet
axfr
whois
scanip
sctpscan
sdporn
rmiexec
arpmap
whois
who
ahost
resolv
adig
axfr
asrv
aspf
periscope
scanip.sh
aliveips.sh
brutus.pl
enum4linux.pl
mikro
ss
sshu
onesixtyone
snmpgrab
snmpcheck
ciscopush
mikrotik-client
bleach
clean
ssleak
decrypt-vpn
pogo
pogo2
sid-force
sshock
decrypt-cisco
decrypt-vnc
decrypt-cvs

Actor reference

LightBasin
UNC1945

Component

Linux

Scenario

No response
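The issue above records its findings in a fixed layout: an `Industry reference` section of `attack:<ID>:<name>` lines, a `Malware reference` list of tool names (with `#NNN` cross-references to other issues), and an `Actor reference` list. The following is an added example, not tooling from this repository, that parses a body in that layout, validates the ATT&CK IDs, de-duplicates the tool list, and emits a minimal ATT&CK Navigator layer so the techniques can be visualised. The embedded issue text is a constructed excerpt of this issue; the Navigator layer structure (`name`, `domain`, `techniques[].techniqueID/score/comment`) is assumed from the public layer format and may need a `versions` object for current Navigator releases.

```python
"""Parse a tracking issue body in the layout used above into ATT&CK IDs, tools and actors.

Added example, not code from the timb-machine repository. The section headings and
the "attack:<ID>:<name>" line format are taken from the issue; the Navigator layer
shape is an assumption (see lead-in).
"""
import json
import re

# Constructed sample: an excerpt of the issue body above, in the same layout.
SAMPLE_ISSUE = """\
Industry reference

attack:T1602.001:SNMP (MIB Dump)
attack:T1070.002:Clear Linux or Mac System Logs
attack:T1046:Network Service Discovery
attack:T1110.002:Password Cracking
attack:T1110.003:Password Spraying

Malware reference

#134
STEELCORGI
netcat
whois
axfr
whois

Actor reference

LightBasin
UNC1945
"""

# ATT&CK technique IDs are T + 4 digits, sub-techniques add .NNN
ATTACK_LINE = re.compile(r"^attack:(T\d{4}(?:\.\d{3})?):(.+)$")
SECTION_HEADINGS = {"Industry reference", "Malware reference", "Actor reference"}


def split_sections(body):
    """Return {heading: [non-empty lines]} for the known section headings."""
    sections, current = {}, None
    for raw in body.splitlines():
        line = raw.strip()
        if line in SECTION_HEADINGS:
            current = line
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_techniques(lines):
    """Parse 'attack:TNNNN[.NNN]:Name' lines; a malformed line is an error, not silently dropped."""
    techniques = []
    for line in lines:
        m = ATTACK_LINE.match(line)
        if not m:
            raise ValueError(f"not an attack reference: {line!r}")
        techniques.append({"id": m.group(1), "name": m.group(2).strip()})
    return techniques


def parse_tools(lines):
    """Tool names from 'Malware reference': issue cross-refs (#NNN) dropped, duplicates removed."""
    seen, tools = set(), []
    for line in lines:
        if line.startswith("#") and line[1:].isdigit():
            continue
        if line not in seen:
            seen.add(line)
            tools.append(line)
    return tools


def parent_ids(techniques):
    """Sorted parent technique IDs, e.g. T1110.002 -> T1110."""
    return sorted({t["id"].split(".")[0] for t in techniques})


def navigator_layer(techniques, name):
    """Build a minimal Navigator layer (assumed format) that scores each referenced ID once."""
    return {
        "name": name,
        "domain": "enterprise-attack",
        "techniques": [
            {"techniqueID": t["id"], "score": 1, "comment": t["name"]}
            for t in techniques
        ],
    }


def parse_issue(body):
    """Full parse of one issue body into techniques, tools and actors."""
    sections = split_sections(body)
    return {
        "techniques": parse_techniques(sections.get("Industry reference", [])),
        "tools": parse_tools(sections.get("Malware reference", [])),
        "actors": sections.get("Actor reference", []),
    }


if __name__ == "__main__":
    parsed = parse_issue(SAMPLE_ISSUE)
    print(json.dumps(navigator_layer(parsed["techniques"], "STEELCORGI"), indent=2))
```

Running the script prints the layer JSON for the sample; pointing `parse_issue` at the full issue body instead gives the complete technique list, and `parent_ids` collapses sub-techniques to their parents when only technique-level coverage is wanted.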
