From: TIM: threat context-enhanced TTP intelligence mining on unstructured threat data
TTPs | Description example |
---|---|
Phishing | Dragonfly has used spearphishing campaigns to gain access to victims. |
Scheduled Task/Job | Remsec schedules the execution of one of its modules by creating a new scheduler task. |
Obfuscated Files or Information | Agent Tesla has had its code obfuscated in an apparent attempt to make analysis difficult. |
Deobfuscate/Decode Files or Information | Carbon decrypts task and configuration files for execution. |
Collection* | The jar file contains various classes for platform-specific implementations for capturing screenshots, capturing audio, logging keystrokes, among others. |
Application Layer Protocol | Carbon can use HTTPS in C2 communications. |