[Intel]: https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor/ #677

Open
timb-machine opened this issue May 27, 2023 · 0 comments

Comments

@timb-machine
Owner

Area

Breach reports

Parent threat

Reconnaissance, Initial Access, Persistence, Defense Evasion, Discovery, Collection, Impact

Finding

https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor/

Industry reference

attack:T1593:Search Open Websites/Domains
attack:T1190:Exploit Public-Facing Application
attack:T1078.004:Cloud Accounts
attack:T1526:Cloud Service Discovery
attack:T1619:Cloud Storage Object Discovery
attack:T1069:Permission Groups Discovery
attack:T1069.003:Cloud Groups
attack:T1602:Data from Configuration Repository
attack:T1213.003:Code Repositories
attack:T1098:Account Manipulation
attack:T1098.003:Additional Cloud Roles
attack:T1136:Create Account
attack:T1136.003:Cloud Account
attack:T1036:Masquerading
attack:T1021.004:SSH
attack:T1578:Modify Cloud Compute Infrastructure
attack:T1578.002:Create Cloud Instance
attack:T1525:Implant Internal Image
attack:T1496:Resource Hijacking

Malware reference

No response

Actor reference

GUI-vil

Component

Linux, Hosting

Scenario

Cloud hosted services
