Alternative names (2)
TTPsInclude • usedTTPs

Random triples
| Subject | Object |
|---|---|
| gptkb:Conti_ransomware_campaigns | malicious attachments |
| gptkb:APT41 | use of legitimate software for persistence |
| gptkb:MuddyWater_group | credential harvesting |
| gptkb:Zebrocy | lateral movement |
| gptkb:Winnti | supply chain attacks |
| gptkb:Gamaredon | frequent infrastructure changes |
| gptkb:APT20 | privilege escalation |
| gptkb:Conti_ransomware_campaigns | threatening data leaks |
| gptkb:Conti_ransomware_campaigns | scheduled tasks |
| gptkb:MuddyWater_group | use of open-source tools |
| gptkb:Conti_ransomware_campaigns | phishing emails |
| gptkb:Conti_ransomware_campaigns | use of affiliate model |
| gptkb:Conti_ransomware_campaigns | use of remote desktop protocol |
| gptkb:Conti_ransomware_campaigns | public shaming of victims |
| gptkb:Stone_Panda | custom malware development |
| gptkb:Conti_ransomware_campaigns | data exfiltration |
| gptkb:APT20 | living off the land |
| gptkb:APT20 | data exfiltration |
| gptkb:APT41 | web server exploitation |
| gptkb:APT41 | use of VPNs and proxies |