

SPYHUNTER 5 VS KASPERSKY CODE

Advanced Persistent Threat (APT) is a term commonly used to describe a targeted cyber-attack that employs a complex set of methods and techniques to penetrate information system(s). Different aims of such attacks could be stealing / substituting / damaging confidential information, or establishing sabotage capabilities, the last of which could lead to financial and reputational damage of the targeted organisations. Such attacks are very purposeful, and usually involve highly specialized tools. The tools employed include heavily obfuscated malicious code, the malicious use of benign system tools, and non-file-based malicious code.

In our “Enhanced Real-World Test”, we use hacking and penetration techniques that allow attackers to access internal computer systems. These attacks can be broken down into Lockheed Martin’s Cybersecurity Kill Chain, and seven distinct phases – each with unique IOCs (Indicators of Compromise) for the victims. All our tests use a subset of the TTP (Tactics, Techniques, Procedures) listed in the MITRE ATT&CK framework. A false alarm test is also included in the report.

The tests use a range of techniques and resources, mimicking malware used in the real world. We make use of system programs, in an attempt to bypass signature-based detection. Popular scripting languages (JavaScript, batch files, PowerShell, Visual Basic scripts, etc.) are used. The tests involve both staged and non-staged malware samples, and deploy obfuscation and/or encryption of malicious code before execution (Base64, AES). Different C2 channels are used to connect to the attacker (HTTP, HTTPS, TCP).
