wiki:start
How to defend ourselves?

We can use the MITRE ATT&CK framework to assess defensive capability across your security architecture.

The MITRE ATT&CK® framework helps provide context to the Sunburst campaign. The following are the known tactics and techniques:

  • Query Registry [T1012]
  • Obfuscated Files or Information [T1027]
  • Obfuscated Files or Information: Steganography [T1027.003]
  • Process Discovery [T1057]
  • Indicator Removal on Host: File Deletion [T1070.004]
  • Application Layer Protocol: Web Protocols [T1071.001]
  • Application Layer Protocol: DNS [T1071.004]
  • File and Directory Discovery [T1083]
  • Ingress Tool Transfer [T1105]
  • Data Encoding: Standard Encoding [T1132.001]
  • Supply Chain Compromise: Compromise Software Dependencies and Development Tools [T1195.001]
  • Supply Chain Compromise: Compromise Software Supply Chain [T1195.002]
  • Software Discovery [T1518]
  • Software Discovery: Security Software Discovery [T1518.001]
  • Create or Modify System Process: Windows Service [T1543.003]
  • Subvert Trust Controls: Code Signing [T1553.002]
  • Dynamic Resolution: Domain Generation Algorithms [T1568.002]
  • System Services: Service Execution [T1569.002]
  • Compromise Infrastructure [T1584]
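As an added example of the assessment the first paragraph describes (it is not part of the original wiki page), the script below takes the Sunburst technique list above and checks it against an inventory of defensive controls to report coverage gaps. The control inventory (`CONTROLS`) is constructed for illustration, and the rule that a control mapped to a parent technique also covers its sub-techniques is an assumption of this example, not something ATT&CK prescribes.

```python
"""Coverage-gap check: which Sunburst ATT&CK techniques have a mapped control?

Added example. The technique list is the one on this page; the control
inventory below is constructed and the parent-covers-subtechnique rule is an
assumption of this example.
"""
import re
from collections import defaultdict

# Technique list from the page (ATT&CK ID -> name).
SUNBURST_TECHNIQUES = {
    "T1012": "Query Registry",
    "T1027": "Obfuscated Files or Information",
    "T1027.003": "Obfuscated Files or Information: Steganography",
    "T1057": "Process Discovery",
    "T1070.004": "Indicator Removal on Host: File Deletion",
    "T1071.001": "Application Layer Protocol: Web Protocols",
    "T1071.004": "Application Layer Protocol: DNS",
    "T1083": "File and Directory Discovery",
    "T1105": "Ingress Tool Transfer",
    "T1132.001": "Data Encoding: Standard Encoding",
    "T1195.001": "Supply Chain Compromise: Compromise Software Dependencies and Development Tools",
    "T1195.002": "Supply Chain Compromise: Compromise Software Supply Chain",
    "T1518": "Software Discovery",
    "T1518.001": "Software Discovery: Security Software Discovery",
    "T1543.003": "Create or Modify System Process: Windows Service",
    "T1553.002": "Subvert Trust Controls: Code Signing",
    "T1568.002": "Dynamic Resolution: Domain Generation Algorithms",
    "T1569.002": "System Services: Service Execution",
    "T1584": "Compromise Infrastructure",
}

# ATT&CK technique IDs look like T1234 or T1234.001.
TECHNIQUE_ID = re.compile(r"^T\d{4}(?:\.\d{3})?$")

# Constructed control inventory: control name -> technique IDs it claims to cover.
CONTROLS = {
    "dns-egress-logging": ["T1071.004", "T1568.002"],
    "proxy-tls-inspection": ["T1071.001", "T1105"],
    "service-install-alert": ["T1543.003", "T1569.002"],
    "file-deletion-audit": ["T1070.004"],
    "binary-obfuscation-scanner": ["T1027"],  # parent: covers T1027.003 by our rule
}


def parent_of(tid):
    """T1027.003 -> T1027; a parent technique is returned unchanged."""
    return tid.split(".")[0]


def assess_coverage(techniques, controls):
    """Return {technique_id: sorted list of control names covering it}.

    Raises ValueError on a malformed technique ID in the inventory, since a
    typo there would silently produce a false sense of coverage.
    Assumption: a control mapped to a parent technique also counts for its
    sub-techniques; the reverse is not applied.
    """
    by_tid = defaultdict(list)
    for name, tids in controls.items():
        for tid in tids:
            if not TECHNIQUE_ID.match(tid):
                raise ValueError(f"{name}: malformed technique id {tid!r}")
            by_tid[tid].append(name)
    coverage = {}
    for tid in techniques:
        names = list(by_tid.get(tid, []))
        if "." in tid:
            names += by_tid.get(parent_of(tid), [])
        coverage[tid] = sorted(set(names))
    return coverage


def gaps(coverage):
    """Technique IDs with no mapped control, sorted."""
    return sorted(t for t, c in coverage.items() if not c)


def summarize(coverage):
    """Counts a practitioner would put in a report: covered / total."""
    covered = sum(1 for c in coverage.values() if c)
    return {"covered": covered, "total": len(coverage), "gaps": len(coverage) - covered}


if __name__ == "__main__":
    cov = assess_coverage(SUNBURST_TECHNIQUES, CONTROLS)
    print("Coverage:", summarize(cov))
    for tid in gaps(cov):
        print(f"GAP  {tid:<10} {SUNBURST_TECHNIQUES[tid]}")
```

Running it prints the covered/total count and one line per uncovered technique, which is the list to take into a control-selection discussion. Extending the inventory is a matter of adding entries to `CONTROLS`; the ID check catches the common case of a mistyped sub-technique suffix.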
wiki/start.1610260428.txt.gz · Last modified: 2021/01/10 12:03 by dk