[Intel]: https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor/ #677
Assignees
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Area
Breach reports
Parent threat
Reconnaissance, Initial Access, Persistence, Defense Evasion, Discovery, Collection, Impact
Finding
https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor/
Industry reference
attack:T1593:Search Open Websites/Domains
attack:T1190:Exploit Public-Facing Application
attack:T1078.004:Cloud Accounts
attack:T1526:Cloud Service Discovery
attack:T1619:Cloud Storage Object Discovery
attack:T1069:Permission Groups Discovery
attack:T1069.003:Cloud Groups
attack:T1602:Data from Configuration Repository
attack:T1213.003:Code Repositories
attack:T1098:Account Manipulation
attack:T1098.003:Additional Cloud Roles
attack:T1136:Create Account
attack:T1136.003:Cloud Account
attack:T1036:Masquerading
attack:T1021.004:SSH
attack:T1578:Modify Cloud Compute Infrastructure
attack:T1578.002:Create Cloud Instance
attack:T1525:Implant Internal Image
attack:T1496:Resource Hijacking
Malware reference
No response
Actor reference
GUI-vil
Component
Linux, Hosting
Scenario
Cloud hosted services
The text was updated successfully, but these errors were encountered: