Remote Desktop
Attackers use valid credentials to move laterally within the environment over Remote Desktop.
Malware/Threat actors
Name | Type | Years | Source |
---|---|---|---|
Gh0st Rat | malware | 2009-2012 | Know%20Your%20Digital%20Enemy.pdf |
HURRICANE PANDA | threat actor | 2014 | GlobalThreatIntelReport.pdf, ICIT-Brief-China-Espionage-Dynasty.pdf, Threat%20Group%20Cards.pdf, GlobalThreatIntelReport.pdf |
Axiom | threat actor | 2009-2014 | ICIT-Brief-Know-Your-Enemies-2.0.pdf, Group_72.pdf |
BlackEnergy | malware | 2015 | ukraine-report-when-the-lights-went-out.pdf, Operation-Potao-Express_final_v2.pdf, blackenergy_whitepaper.pdf |
FIN5 | threat actor | 2008-2019 | Threat%20Group%20Cards.pdf |
TA505 | threat actor | 2014-2019 | CyberInt_Legit%20Remote%20Access%20Tools%20Turn%20Into%20Threat%20Actors’%20Tools_Report.pdf |
Shell_Crew | threat actor | 2005 | h12756-wp-shell-crew.pdf, stamp.jsp?tp=&arnumber=7460498&tag=1 |
BlackAtlas | threat actor | 2012-2015 | Operation_Black%20Atlas_Technical_Brief.pdf |
Duqu Trojan | malware | 2010 | Duqu_Trojan_Questions_and_Answers.pdf, The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf, stamp.jsp?tp=&arnumber=7460498&tag=1 |
Preventions
<Mitigation techniques>
Detections
<Detection techniques>
Toolkit
<Toolkit instructions, if applicable>
Similar techniques
References
[<Source name>](<Source link>)