Thrip_G0076.json
{"description": "Enterprise techniques used by Thrip, ATT&CK group G0076 v1.0", "name": "Thrip (G0076)", "domain": "mitre-enterprise", "version": "2.2", "techniques": [{"score": 1, "techniqueID": "T1219", "techniqueName": "Remote Access Tools", "comment": "[Thrip](https://attack.mitre.org/groups/G0076) used a cloud-based remote access software called LogMeIn for their attacks."}, {"score": 1, "techniqueID": "T1086", "techniqueName": "PowerShell", "comment": "[Thrip](https://attack.mitre.org/groups/G0076) leveraged PowerShell to run commands to download payloads, traverse the compromised networks, and carry out reconnaissance."}, {"score": 1, "techniqueID": "T1048", "techniqueName": "Exfiltration Over Alternative Protocol", "comment": "[Thrip](https://attack.mitre.org/groups/G0076) has used WinSCP to exfiltrate data from a targeted organization over FTP."}], "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Thrip", "color": "#ff6666"}]}