July 22, 2018
SentinelOne Detects Pteranodon, by Gamaredon Group
Gamaredon Group is a threat group that has been active since at least 2013 and has targeted individuals likely involved in the Ukrainian government.
Tools used by Gamaredon Group:
- Remote File Copy - Capable of downloading and executing additional payloads.
- Scripting - Various batch scripts to establish C2, download additional files, and conduct other functions.
- Peripheral Device Discovery - Gamaredon Group tools contained an application to check the performance of USB flash drives.
- Data from Removable Media - A file stealer can steal data from newly connected logical volumes on a system, including USB drives.
- Exfiltration Over Command and Control Channel - A Gamaredon Group file stealer transfers collected files to a hardcoded C2 server.
- Standard Application Layer Protocol - A file stealer can communicate over HTTP for C2.
- System Information Discovery - A file stealer can gather the victim's computer name and drive serial numbers to send to a C2 server.
- System Owner/User Discovery - A file stealer can gather the victim's username to submit to a C2 server.
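As an added detection example (not from the original post; the telemetry format, field names and sample events are constructed), the script below flags the behaviour chain the list above describes: a removable volume is connected, a process reads files from it, and the same process then posts the computer name, drive serial and username over HTTP.

```python
# Constructed endpoint telemetry (sample data, not from the original post).
# One event per line: <seq> <host> <event> key=value ...
SAMPLE_TELEMETRY = """\
1 WS01 volume_mount pid=1234 drive=E: type=removable
2 WS01 file_read pid=1234 path=E:\\docs\\plan.docx
3 WS01 file_read pid=1234 path=E:\\docs\\budget.xlsx
4 WS01 http_post pid=1234 dst=198.51.100.7 body=host=WS01;serial=1A2B3C4D;user=olga
5 WS02 volume_mount pid=777 drive=F: type=removable
6 WS02 file_read pid=777 path=F:\\photo.jpg
7 WS02 http_post pid=999 dst=203.0.113.9 body=ping
"""

# Identifiers the post says the file stealer submits to its C2 server:
# computer name, drive serial numbers and the victim's username.
# The key names are assumptions for this constructed format.
FINGERPRINT_KEYS = ("host=", "serial=", "user=")

def parse_event(line):
    """Split one telemetry line into a dict of its fields."""
    seq, host, event, rest = line.split(" ", 3)
    fields = dict(kv.split("=", 1) for kv in rest.split(" "))
    return {"seq": int(seq), "host": host, "event": event, **fields}

def detect_removable_media_stealer(telemetry):
    """Return one alert per (host, pid) that mounts a removable volume,
    reads files from it, then POSTs the victim fingerprint over HTTP."""
    state = {}  # (host, pid) -> {"drives": set of drive letters, "reads": count}
    alerts = []
    for line in telemetry.strip().splitlines():
        ev = parse_event(line)
        s = state.setdefault((ev["host"], ev["pid"]), {"drives": set(), "reads": 0})
        if ev["event"] == "volume_mount" and ev.get("type") == "removable":
            s["drives"].add(ev["drive"].upper())
        elif ev["event"] == "file_read":
            # Only count reads from a volume this process saw connected.
            if ev["path"][:2].upper() in s["drives"]:
                s["reads"] += 1
        elif ev["event"] == "http_post":
            fingerprinted = all(k in ev["body"] for k in FINGERPRINT_KEYS)
            if s["reads"] > 0 and fingerprinted:
                alerts.append({"host": ev["host"], "pid": ev["pid"],
                               "dst": ev["dst"], "files_read": s["reads"]})
    return alerts

if __name__ == "__main__":
    for alert in detect_removable_media_stealer(SAMPLE_TELEMETRY):
        print("ALERT removable-media stealer:", alert)
```

WS02 produces no alert because the POST comes from a different process and carries none of the fingerprint fields; tune the correlation key and field names to your own telemetry schema.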
For more info on SentinelOne, visit https://www.sentinelone.com/platform/