Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Intel]: https://www.cadosecurity.com/updates-to-legion-a-cloud-credential-harvester-and-smtp-hijacker/ #678

Open
timb-machine opened this issue May 27, 2023 · 0 comments

Comments

@timb-machine
Copy link
Owner

Area

Malware reports

Parent threat

Reconnaissance, Initial Access, Persistence, Privilege Escalation, Defense Evasion

Finding

https://www.cadosecurity.com/updates-to-legion-a-cloud-credential-harvester-and-smtp-hijacker/

Industry reference

attack:T1594:Search Victim-Owned Websites
attack:T1589:Gather Victim Identity Information
attack:T1589.001:Credentials
attack:T1133:External Remote Services
attack:T1078:Valid Accounts

Malware reference

Legion
wltm

Actor reference

No response

Component

Linux

Scenario

Cloud hosted services

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment