[Intel]: https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/ #64
Labels
ignore:tag:T1001
ignore:tag:T1003.008
ignore:tag:T1005
ignore:tag:T1021.001
ignore:tag:T1021.002
ignore:tag:T1021.004
ignore:tag:T1027.002
ignore:tag:T1048
ignore:tag:T1053.003
ignore:tag:T1057
ignore:tag:T1070.002
ignore:tag:T1070.004
ignore:tag:T1071.001
ignore:tag:T1205
ignore:tag:T1491
ignore:tag:T1546.004
ignore:tag:T1560
ignore:tag:T1567
ignore:tag:T1573
ignore:tag:T1590
ignore:tag:T1602.001
Area
Malware reports
Parent threat
Defense Evasion, Discovery, Lateral Movement, Collection, Command and Control, Impact
Finding
https://yoroi.company/research/opening-steelcorgi-a-sophisticated-apt-swiss-army-knife/
Industry reference
attack:T1602.001:SNMP (MIB Dump)
attack:T1070.002:Clear Linux or Mac System Logs
attack:T1046:Network Service Discovery
attack:T1018:Remote System Discovery
attack:T1110.002:Password Cracking
attack:T1110.003:Password Spraying
attack:T1555:Credentials from Password Stores
attack:T1040:Packet Capture
attack:T1071.001:Web Protocols
attack:T1071.002:File Transfer Protocols
attack:T1071.004:DNS
attack:T1021.002:SMB/Windows Admin Shares
attack:T1021.004:SSH
attack:T1021.005:VNC
attack:T1590:Gather Victim Network Information
attack:T1590.002:DNS
attack:T1027.002:Software Packing
attack:T1001:Data Obfuscation
attack:T1070.004:File Deletion
Malware reference
#134
STEELCORGI
netcat
unixcat
netcat-ssl
telnet
traceroute
traceroute-tcp
traceroute-tcpfin
traceroute-udp
traceroute-icmp
traceroute-all
tftpd
HEAD
GET
sniff
nfsshell
ssh
ricochet
axfr
whois
scanip
sctpscan
sdporn
rmiexec
arpmap
whois
who
ahost
resolv
adig
axfr
asrv
aspf
periscope
scanip.sh
aliveips.sh
brutus.pl
enum4linux.pl
mikro
ss
sshu
onesixtyone
snmpgrab
snmpcheck
ciscopush
mikrotik-client
bleach
clean
ssleak
decrypt-vpn
pogo
pogo2
sid-force
sshock
decrypt-cisco
decrypt-vnc
decrypt-cvs
Actor reference
LightBasin
UNC1945
Component
Linux
Scenario
No response