TTPs
Alternative names (2): Include • usedTTPs
Random triples
| Subject | Object |
|---|---|
| gptkb:APT54 | living off the land |
| gptkb:APT41 | SQL injection |
| gptkb:MuddyWater_group | use of open-source tools |
| gptkb:APT41 | remote desktop protocol abuse |
| gptkb:Conti_ransomware_campaigns | use of custom ransomware builder |
| gptkb:MuddyWater_group | use of compromised email accounts |
| gptkb:Conti_ransomware_campaigns | gptkb:Windows_Defender_exclusion_abuse |
| gptkb:Conti_ransomware_campaigns | RDP brute force |
| gptkb:APT20 | use of stolen credentials |
| gptkb:Conti_ransomware_campaigns | use of cryptocurrency wallets |
| gptkb:APT41 | web server exploitation |
| gptkb:APT41 | use of legitimate software for persistence |
| gptkb:Gamaredon | use of legitimate cloud services for C2 |
| gptkb:Conti_ransomware_campaigns | gptkb:Kerberos_ticket_abuse |
| gptkb:Conti_ransomware_campaigns | use of affiliate model |
| gptkb:Stone_Panda | custom malware development |
| gptkb:APT54 | use of web shells |
| gptkb:APT20 | data exfiltration |
| gptkb:Turla_Group | use of custom backdoors |
| gptkb:APT41 | use of Cobalt Strike beacons |