[Intel]: https://www.mandiant.com/resources/unc2891-overview #112
Assignees
Labels
missing:tag:Non-persistentStorage
missing:tag:T1003.008
missing:tag:T1005
missing:tag:T1007
missing:tag:T1021.002
missing:tag:T1037
missing:tag:T1048
missing:tag:T1053.006
missing:tag:T1057
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1078.003
missing:tag:T1491
missing:tag:T1543.002
missing:tag:T1546.004
missing:tag:T1567
missing:tag:T1573
missing:tag:T1590
Comments
timb-machine
added
missing:tag:Non-persistentStorage
missing:tag:T1003.008
missing:tag:T1005
missing:tag:T1021.002
missing:tag:T1048
missing:tag:T1057
missing:tag:T1070.004
missing:tag:T1071.001
missing:tag:T1078.003
missing:tag:T1491
missing:tag:T1546.004
missing:tag:T1567
missing:tag:T1573
and removed
confirmed
labels
timb-machine
added
missing:tag:Systemd
missing:tag:T1037
and removed
missing:tag:Systemd
labels
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Area
Malware reports
Parent threat
Lateral Movement, Credential Access, Execution, Defense Evasion, Persistence
Finding
https://www.mandiant.com/resources/unc2891-overview
Industry reference
attack:T1021.004:SSH
attack:T1003.008:/etc/passwd and /etc/shadow
attack:T1552.003:Bash History
attack:T1552.004:Private Keys
attack:T1556.003:Pluggable Authentication Modules
attack:T1053.001:At (Linux)
attack:T1059.004:Unix Shell
attack:T1014:Rootkit
attack:T1070.002:Clear Linux or Mac System Logs
attack:T1548.001:Setuid and Setgid
attack:T1543.002:Systemd Service
attack:T1547.006:Kernel Modules and Extensions
Malware reference
#134
TINYSHELL
SLAPSTICK
CAKETAP
WIPERIGHT
MIG Logcleaner
#154
BINBASH
Actor reference
UNC2891
UNC1945
LightBasin
Component
Linux, Solaris, Banking
Scenario
No response
The text was updated successfully, but these errors were encountered: