{"description": "Enterprise techniques used by Threat Group-1314, ATT&CK group G0028 v1.0", "name": "Threat Group-1314 (G0028)", "domain": "mitre-enterprise", "version": "2.2", "techniques": [{"score": 1, "techniqueID": "T1059", "techniqueName": "Command-Line Interface", "comment": "[Threat Group-1314](https://attack.mitre.org/groups/G0028) actors spawned shells on remote systems on a victim network to execute commands."}, {"score": 1, "techniqueID": "T1077", "techniqueName": "Windows Admin Shares", "comment": "[Threat Group-1314](https://attack.mitre.org/groups/G0028) actors mapped network drives using <code>net use</code>."}, {"score": 1, "techniqueID": "T1072", "techniqueName": "Third-party Software", "comment": "[Threat Group-1314](https://attack.mitre.org/groups/G0028) actors used a victim's endpoint management platform, Altiris, for lateral movement."}, {"score": 1, "techniqueID": "T1078", "techniqueName": "Valid Accounts", "comment": "[Threat Group-1314](https://attack.mitre.org/groups/G0028) actors used compromised credentials for the victim's endpoint management platform, Altiris, to move laterally."}], "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Threat Group-1314", "color": "#ff6666"}]}