{"description": "Enterprise techniques used by Leafminer, ATT&CK group G0077 v1.0", "name": "Leafminer (G0077)", "domain": "mitre-enterprise", "version": "2.2", "techniques": [{"score": 1, "techniqueID": "T1136", "techniqueName": "Create Account", "comment": "[Leafminer](https://attack.mitre.org/groups/G0077) used a tool called Imecab to set up a persistent remote access account on the victim machine."}, {"score": 1, "techniqueID": "T1083", "techniqueName": "File and Directory Discovery", "comment": "[Leafminer](https://attack.mitre.org/groups/G0077) used a tool called MailSniper to search for files on the desktop and another utility called Sobolsoft to extract attachments from EML files."}, {"score": 1, "techniqueID": "T1108", "techniqueName": "Redundant Access", "comment": "[Leafminer](https://attack.mitre.org/groups/G0077) used a tool called Imecab to set up a persistent remote access account on the victim machine."}, {"score": 1, "techniqueID": "T1114", "techniqueName": "Email Collection", "comment": "[Leafminer](https://attack.mitre.org/groups/G0077) used a tool called MailSniper to search through the Exchange server mailboxes for keywords."}, {"score": 1, "techniqueID": "T1110", "techniqueName": "Brute Force", "comment": "[Leafminer](https://attack.mitre.org/groups/G0077) used a tool called BruteForcer to perform a brute force attack."}, {"score": 1, "techniqueID": "T1189", "techniqueName": "Drive-by Compromise", "comment": "[Leafminer](https://attack.mitre.org/groups/G0077) has infected victims using watering holes."}, {"score": 1, "techniqueID": "T1046", "techniqueName": "Network Service Scanning", "comment": "[Leafminer](https://attack.mitre.org/groups/G0077) scanned network services to search for vulnerabilities in the victim system."}, {"score": 1, "techniqueID": "T1003", "techniqueName": "Credential Dumping", "comment": "[Leafminer](https://attack.mitre.org/groups/G0077) used several tools for retrieving login and password information."}, {"score": 1, 
"techniqueID": "T1027", "techniqueName": "Obfuscated Files or Information", "comment": "[Leafminer](https://attack.mitre.org/groups/G0077) obfuscated scripts that were used on victim machines."}, {"score": 1, "techniqueID": "T1064", "techniqueName": "Scripting", "comment": "[Leafminer](https://attack.mitre.org/groups/G0077) infected victims using JavaScript code."}, {"score": 1, "techniqueID": "T1018", "techniqueName": "Remote System Discovery", "comment": "[Leafminer](https://attack.mitre.org/groups/G0077) used Microsoft\u2019s Sysinternals tools to gather detailed information about remote systems."}], "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Leafminer", "color": "#ff6666"}]}