DeftTorero TTPs in 2019–2021

The tactics, techniques and procedures of the DeftTorero cyber-attack developed in the Middle East.

REFERENCE: https://securelist.com/defttorero-tactics-techniques-and-procedures/107610/

TAGS: meterpreter, credentials theft, defttorero, explosive rat, aspxspy, caterpillar

INDUSTRIES: Media, Military, Government, Education

MALWARE FAMILIES: Meterpreter, Caterpillar WebShell - S0572, ASPXSpy - S0073, Explosive - S0569

ATT&CK IDS: T1505 - Server Software Component, T1490 - Inhibit System Recovery, T1036 - Masquerading, T1021 - Remote Services, T1003 - OS Credential Dumping, T1046 - Network Service Scanning, T1059 - Command and Scripting Interpreter

Read More:

https://otx.alienvault.com/pulse/633acb17ed56f34d3779a9a4