[Intel]: https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/pygmy-goat/ncsc-mar-pygmy-goat.pdf #808
Assignees
Comments
timb-machine
added
missing:tag:Non-persistentStorage
missing:tag:T1005
missing:tag:T1021.004
missing:tag:T1027.002
missing:tag:T1053.003
missing:tag:T1070.004
missing:tag:T1083
missing:tag:T1098.004
missing:tag:T1491
missing:tag:T1546.004
missing:tag:T1552.004
missing:tag:T1574.006
missing:tag:T1590
missing:tag:wltm
ignore:tag:T1005
confirmed
ignore:tag:T1590
ignore:tag:T1552.004
ignore:tag:T1027.002
and removed
missing:tag:T1005
missing:tag:Non-persistentStorage
ignore:tag:T1005
missing:tag:wltm
new
missing:tag:T1590
missing:tag:T1574.006
missing:tag:T1552.004
missing:tag:T1027.002
labels
timb-machine
added
ignore:tag:T1021.004
ignore:tag:T1098.004
ignore:tag:T1053.003
ignore:tag:T1491
ignore:tag:T1083
ignore:tag:T1546.004
ignore:tag:T1070.004
missing:tag:Non-persistentStorage
missing:tag:T1005
missing:tag:T1574.006
missing:tag:wltm
and removed
missing:tag:T1021.004
missing:tag:T1098.004
missing:tag:T1053.003
missing:tag:T1491
missing:tag:T1083
missing:tag:T1546.004
missing:tag:T1070.004
confirmed
missing:tag:wltm
missing:tag:T1574.006
missing:tag:Non-persistentStorage
missing:tag:T1005
labels
timb-machine
added
missing:tag:Non-persistentStorage
missing:tag:T1005
missing:tag:T1574.006
missing:tag:wltm
and removed
triage
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Area
Malware reports
Parent threat
Execution, Persistence, Discovery, Collection, Command and Control, Exfiltration
Finding
https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/pygmy-goat/ncsc-mar-pygmy-goat.pdf
Industry reference
attack:T1574.006:Dynamic Linker Hijacking
attack:T1059.004:Unix Shell
attack:T1053.003:Cron
attack:T1559:Inter-Process Communication
attack:T1205.001:Port Knocking
attack:T1001.003:Protocol Impersonation
attack:T1573.002:Asymmetric Cryptography
attack:T1572:Protocol Tunneling
attack:T1560.002:Archive via Library
attack:T1041:Exfiltration Over C2 Channel
attack:T1005:Data from Local System
attack:T1124:System Time Discovery
attack:T1518:Software Discovery
attack:T1071.Application Layer Protocol
uses:BPF
uses:Non-persistentStorage
Malware reference
Pygmy Goat
EarthWorm
Earthwrom
wltm
Actor reference
No response
Component
Linux
Scenario
Enterprise with satellite facilities
The text was updated successfully, but these errors were encountered: