{"description": "Enterprise techniques used by The White Company, ATT&CK group G0089 v1.0", "name": "The White Company (G0089)", "domain": "mitre-enterprise", "version": "2.2", "techniques": [{"score": 1, "techniqueID": "T1193", "techniqueName": "Spearphishing Attachment", "comment": "[The White Company](https://attack.mitre.org/groups/G0089) has sent phishing emails with malicious Microsoft Word attachments to victims."}, {"score": 1, "techniqueID": "T1204", "techniqueName": "User Execution", "comment": "[The White Company](https://attack.mitre.org/groups/G0089) has used phishing lure documents that trick users into opening them and infecting their computers."}, {"score": 1, "techniqueID": "T1203", "techniqueName": "Exploitation for Client Execution", "comment": "[The White Company](https://attack.mitre.org/groups/G0089) has taken advantage of a known vulnerability in Microsoft Word (CVE-2012-0158) to execute code."}, {"score": 1, "techniqueID": "T1045", "techniqueName": "Software Packing", "comment": "[The White Company](https://attack.mitre.org/groups/G0089) has obfuscated their payloads through packing."}, {"score": 1, "techniqueID": "T1497", "techniqueName": "Virtualization/Sandbox Evasion", "comment": "[The White Company](https://attack.mitre.org/groups/G0089) has performed anti-analysis checks to determine if its malware was in a debugging environment."}, {"score": 1, "techniqueID": "T1107", "techniqueName": "File Deletion", "comment": "[The White Company](https://attack.mitre.org/groups/G0089) has the ability to delete its malware entirely from the target system."}, {"score": 1, "techniqueID": "T1063", "techniqueName": "Security Software Discovery", "comment": "[The White Company](https://attack.mitre.org/groups/G0089) has checked for specific antivirus products on the target\u2019s computer, including Kaspersky, Quick Heal, AVG, BitDefender, Avira, Sophos, Avast!, and ESET."}, {"score": 1, "techniqueID": "T1124", "techniqueName": "System Time Discovery", 
"comment": "[The White Company](https://attack.mitre.org/groups/G0089) has checked the current date on the victim system."}], "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by The White Company", "color": "#ff6666"}]}