AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Wireshark filters showing apt1 attacks1/12/2023 Technique Name: Account Discovery Technique Description Adversaries may attempt to get a listing of local system or domain accounts.Įxample commands that can acquire this information are net user, net group, and net localgroup using the () utility or through use of (). (Citation: Palo Alto OilRig April 2017) (Citation: ClearSky OilRig Jan 2017) (Citation: Palo Alto OilRig May 2016) (Citation: Palo Alto OilRig Oct 2016) (Citation: Unit 42 Playbook Dec 2017) (Citation: FireEye APT)(Citation: Unit 42 QUADAGENT July 2018) This group was previously tracked under two distinct groups, APT34 and OilRig, but was combined due to additional reporting giving higher confidence about the overlap of the activity. FireEye assesses that the group works on behalf of the Iranian government based on infrastructure details that contain references to Iran, use of Iranian infrastructure, and targeting that aligns with nation-state interests. It appears the group carries out supply chain attacks, leveraging the trust relationship between organizations to attack their primary targets. The group has targeted a variety of industries, including financial, government, energy, chemical, and telecommunications, and has largely focused its operations within the Middle East. This snippet of data is scoped to the following actor groups:Īctor: OilRig Actor Description () is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The following content is generated using a preview release of Swimlane's pyattck.
0 Comments
Read More
Leave a Reply. |