Poseidon Group_G0033.json
{"description": "Enterprise techniques used by Poseidon Group, ATT&CK group G0033 v1.0", "name": "Poseidon Group (G0033)", "domain": "mitre-enterprise", "version": "3.0", "techniques": [{"score": 1, "techniqueID": "T1087.001", "techniqueName": "Local Account", "comment": "[Poseidon Group](https://attack.mitre.org/groups/G0033) searches for administrator accounts on both the local victim machine and the network.(Citation: Kaspersky Poseidon Group)"}, {"score": 1, "techniqueID": "T1049", "techniqueName": "System Network Connections Discovery", "comment": "[Poseidon Group](https://attack.mitre.org/groups/G0033) obtains and saves information about victim network interfaces and addresses.(Citation: Kaspersky Poseidon Group)"}, {"score": 1, "techniqueID": "T1007", "techniqueName": "System Service Discovery", "comment": "After compromising a victim, [Poseidon Group](https://attack.mitre.org/groups/G0033) discovers all running services.(Citation: Kaspersky Poseidon Group)"}, {"score": 1, "techniqueID": "T1036.005", "techniqueName": "Match Legitimate Name or Location", "comment": "[Poseidon Group](https://attack.mitre.org/groups/G0033) tools attempt to spoof anti-virus processes as a means of self-defense.(Citation: Kaspersky Poseidon Group)"}, {"score": 1, "techniqueID": "T1059.001", "techniqueName": "PowerShell", "comment": "The [Poseidon Group](https://attack.mitre.org/groups/G0033)'s Information Gathering Tool (IGT) includes PowerShell components.(Citation: Kaspersky Poseidon Group)"}, {"score": 1, "techniqueID": "T1057", "techniqueName": "Process Discovery", "comment": "After compromising a victim, [Poseidon Group](https://attack.mitre.org/groups/G0033) lists all running processes.(Citation: Kaspersky Poseidon Group)"}, {"score": 1, "techniqueID": "T1003", "techniqueName": "OS Credential Dumping", "comment": "[Poseidon Group](https://attack.mitre.org/groups/G0033) conducts credential dumping on victims, with a focus on obtaining credentials belonging to domain and 
database servers.(Citation: Kaspersky Poseidon Group)"}, {"score": 1, "techniqueID": "T1087.002", "techniqueName": "Domain Account", "comment": "[Poseidon Group](https://attack.mitre.org/groups/G0033) searches for administrator accounts on both the local victim machine and the network.(Citation: Kaspersky Poseidon Group)"}], "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by Poseidon Group", "color": "#ff6666"}]}