Remote administration tools such as TeamViewer can be used to control a machine remotely. Because these tools are legitimate, signed applications, they may be trusted by security controls.

Malware/Threat actors

| Name | Type | Years | Source |
|---|---|---|---|
| TeamSpy | threat actor | 2008-2013 | theteamspystory_final_t2.pdf |
| PLA | threat actor | 2002-2009 | Cyber-030.pdf |
| Crouching Tiger | threat actor | These attacks are far from random or indiscriminate. These attacks are designed to steal information that will fulfil a clear set of requirements set by the Chinese state and furnish them with political, commercial and security/intelligence information. These requirements are carefully and clearly identified, shared with a number of government departments and constantly updated. There is evidence of worldwide targeting but only a minority of attacks are identified and fewer still made public. | Crouching_tiger_hidden_dragon.pdf |
| Kimsuky | threat actor | 2013 | Kimsuky.pdf |
| BlackEnergy | malware | 2015 | ukraine-report-when-the-lights-went-out.pdf |
| | | | Operation-Potao-Express_final_v2.pdf |
| | | | blackenergy_whitepaper.pdf |
| Group-IB | < threat actor/malware > | 2016-2017 | Group-IB_MoneyTaker_report.pdf |
| | | | Group-IB_Lazarus.pdf |
| | | | Anunak_APT_against_financial_institutions.pdf |
| TA505 | threat actor | 2014-2019 | CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors’%20Tools_Report.pdf |
| APT10 | threat actor | 2018 | cloud-hopper-report-final-v4.pdf |
| | | | cloud-hopper-report-final-upda_72977.pdf |
| | | | cta-2019-0206.pdf |
| Naikon | threat actor | 2013-2015 | TheNaikonAPT-MsnMM1.pdf |
| | | | Threat%20Group%20Cards.pdf |
| | | | stamp.jsp?tp=&arnumber=7460498&tag=1 |
| Lazarus Group | threat actor | 2011-2014 | Operation-Blockbuster-Report.pdf |
| | | | Operation-Blockbuster-RAT-and-Staging-Report.pdf |
| | | | Operation-Blockbuster-Loaders-Installers-and-Uninstallers-Report.pdf |
| | | | Operation-Blockbuster-Destructive-Malware-Report.pdf |

Tools

Preventions

<Mitigation techniques>

Detections

<Detection techniques>

Toolkit

<Toolkit instructions, if applicable>

Similar techniques

References