Anonymous services like TOR can be used to mask the attacker’s identity and location.

Malware/Threat actors

Name	Type	Years	Source
GRIZZLY STEPPE	threat actor	2015-2018	GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf
Dukes	ThreatActor	2008-2015	dukes_whitepaper.pdf
OnionDuke	< threat actor/malware >	2003-2015	ICIT-Brief-Know-Your-Enemies-2.0.pdf

Services

• TOR

Preventions

<Mitigation techniques>

Detections

• TOR provides a public list of exit nodes which includes IP addresses. This can be used to see if any computers in your environment are communicating with TOR

Toolkit

<Toolkit instructions, if applicable>

Similar techniques

• Public services
• Encryption
• Encoding
• Custom protocol
• Custom obfuscation
• Compression

References

• [<Source name>](<Source link>)