[Intel]: https://www.mandiant.com/resources/unc2891-overview #112
Labels
missing:tag:Non-persistentStorage
missing:tag:T1003.008
missing:tag:T1005
missing:tag:T1007
missing:tag:T1021.002
missing:tag:T1037
missing:tag:T1048
missing:tag:T1053.006
missing:tag:T1057
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1078.003
missing:tag:T1491
missing:tag:T1543.002
missing:tag:T1546.004
missing:tag:T1567
missing:tag:T1573
missing:tag:T1590
Area
Malware reports
Parent threat
Lateral Movement, Credential Access, Execution, Defense Evasion, Persistence
Finding
https://www.mandiant.com/resources/unc2891-overview
Industry reference
attack:T1021.004:SSH
attack:T1003.008:/etc/passwd and /etc/shadow
attack:T1552.003:Bash History
attack:T1552.004:Private Keys
attack:T1556.003:Pluggable Authentication Modules
attack:T1053.001:At (Linux)
attack:T1059.004:Unix Shell
attack:T1014:Rootkit
attack:T1070.002:Clear Linux or Mac System Logs
attack:T1548.001:Setuid and Setgid
attack:T1543.002:Systemd Service
attack:T1547.006:Kernel Modules and Extensions
Malware reference
#134
TINYSHELL
SLAPSTICK
CAKETAP
WIPERIGHT
MIG Logcleaner
#154
BINBASH
Actor reference
UNC2891
UNC1945
LightBasin
Component
Linux, Solaris, Banking
Scenario
No response