Vulnerability scanning
A vulnerability scan detects and classifies system weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures.
Malware/Threat actors
Name | Type | Years | Source |
---|---|---|---|
GRIZZLY STEPPE | threat actor | 2015-2018 | GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity, AR-17-20045_Enhanced_Analysis_of_GRIZZLY_STEPPE_Activity.pdf |
XSLCmd | malware | 2009-2012 | XSLCmd_OSX.pdf |
Pitty Tiger | threat actor | 2011-2014 | Pitty_Tiger_Final_Report.pdf |
Rocket Kitten | threat actor | 2014-2015 | rocket-kitten-report.pdf |
Copy Kittens | threat actor | 2013-2017 | Operation_Wilted_Tulip%20(1).pdf |
CARBANAK | threat actor | 2017 | paper_the-shadows-of-ghosts-carbanak-report.pdf, stamp.jsp?tp=&arnumber=7460498&tag=1 |
Volatile Cedar | threat actor | 2012-2014 | volatile-cedar-technical-report.pdf |
Preventions
- Place a network intrusion prevention system (NIPS) inline. These devices analyze network traffic for known malicious traffic and block it when malicious activity is detected.
Detections
- Enterprise-level vulnerability scanners include unique identifiers in their traffic that mark it as coming from a vulnerability scanner, unless configured not to. For example, Nessus sets the SSH client identifier to `SSH-2.0-TenableRocks` when scanning hosts with SSH, and may include `Nessus*` in the User-Agent header in HTTP.
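The two identifiers above can be matched in normalized connection events. The following is an added example, not part of the original page: the JSON event format and its field names (`src`, `proto`, `client_banner`, `user_agent`) are assumptions, and the sample events are constructed.

```python
import json
import re
from collections import defaultdict

# Identifiers named on this page. Operators can override them, so a miss proves nothing.
SSH_BANNER = "SSH-2.0-TenableRocks"
UA_PATTERN = re.compile(r"Nessus", re.IGNORECASE)  # the page gives "Nessus*" for the User-Agent

def classify(event):
    """Return the scanner indicator an event matches, or None."""
    proto = str(event.get("proto", "")).lower()
    if proto == "ssh":
        # The banner may carry trailing CR/LF or a comment after the software version.
        if str(event.get("client_banner", "")).strip().startswith(SSH_BANNER):
            return "ssh-banner"
    elif proto == "http":
        if UA_PATTERN.search(str(event.get("user_agent", ""))):
            return "http-user-agent"
    return None

def scanner_sources(lines):
    """Map source address -> sorted indicators seen; unparsable or source-less lines are skipped."""
    hits = defaultdict(set)
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(event, dict) or "src" not in event:
            continue
        indicator = classify(event)
        if indicator:
            hits[str(event["src"])].add(indicator)
    return {src: sorted(found) for src, found in hits.items()}

# Constructed sample events (documentation address ranges), not real traffic.
SAMPLE = [
    '{"src": "192.0.2.10", "proto": "ssh", "client_banner": "SSH-2.0-TenableRocks"}',
    '{"src": "192.0.2.10", "proto": "http", "user_agent": "Nessus/constructed-sample"}',
    '{"src": "198.51.100.7", "proto": "ssh", "client_banner": "SSH-2.0-OpenSSH_9.6"}',
    '{"src": "203.0.113.5", "proto": "http", "user_agent": "curl/8.5.0"}',
    'not json at all',
    '{"proto": "http", "user_agent": "Nessus"}',
]

if __name__ == "__main__":
    for src, found in scanner_sources(SAMPLE).items():
        print(src, found)
```

A source that shows both indicators is a stronger signal than one showing either alone, which is why hits are grouped per source address.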
Toolkit
<Toolkit instructions, if applicable>