Compound datasets - main technique: T1003.001 LSASS Memory

[Cyb3rPandaH]

Tactics/Techniques for Compound 1: Mimikatz (LogonPasswords)

This simulation includes the following ATT&CK tactics and techniques:

TA0042 Resource Development

• T1587.001 Develop Capabilities - Malware
• T1608.001 Stage Capabilities - Upload Malware

TA0002 Execution

• T1204.002 User Execution - Malicious File

TA0007 Discovery

• T1082 System Information Discovery
• T1033 System Owner / User Discovery
• T1057 Process Discovery

TA0004 Privilege Escalation

• T1134.001 Access Token Manipulation - Token Impersonation / Theft

TA0005 Defense Evasion

• T1055.002 Process Injection - Portable Executable Injection

TA0006 Credential Access

• T1003.001 OS Credential Access - LSASS Memory

Tactics/Techniques for Compound 2: ProcDump (SysInternals)

This simulation includes the following ATT&CK tactics and techniques:

TA0042 Resource Development

• T1587.001 Develop Capabilities - Malware
• T1608.001 Stage Capabilities - Upload Malware

TA0002 Execution

• T1204.002 User Execution - Malicious File

TA0007 Discovery

• T1082 System Information Discovery
• T1033 System Owner / User Discovery

TA0011 Command & Control

• T1105 Ingress Tool Transfer

TA0006 Credential Access

• T1003.001 OS Credential Access - LSASS Memory

TA0010 Exfiltration

• T1041 Exfiltration Over C2 Channel

Tactics/Techniques for Compound 3: comsvcs.dll

This simulation includes the following ATT&CK tactics and techniques:

TA0042 Resource Development

• T1587.001 Develop Capabilities - Malware
• T1608.001 Stage Capabilities - Upload Malware

TA0002 Execution

• T1204.002 User Execution - Malicious File

TA0007 Discovery

• T1082 System Information Discovery
• T1033 System Owner / User Discovery
• T1057 Process Discovery

TA0004 Privilege Escalation

• T1543.003 Create System Process - Windows Service

TA0005 Defense Evasion

• T1055.002 Process Injection - Portable Executable Injection

TA0006 Credential Access

• T1003.001 OS Credential Access - LSASS Memory

TA0010 Exfiltration

• T1041 Exfiltration Over C2 Channel

Tactics/Techniques for Compound 4: Out-Minidump

This simulation includes the following ATT&CK tactics and techniques:

TA0042 Resource Development

• T1587.001 Develop Capabilities - Malware
• T1608.001 Stage Capabilities - Upload Malware

TA0002 Execution

• T1204.002 User Execution - Malicious File

TA0007 Discovery

• T1082 System Information Discovery
• T1033 System Owner / User Discovery

TA0006 Credential Access

• T1003.001 OS Credential Access - LSASS Memory

TA0010 Exfiltration

• T1041 Exfiltration Over C2 Channel

Tactics/Techniques for Compound 5: SharpDump

This simulation includes the following ATT&CK tactics and techniques:

TA0042 Resource Development

• T1587.001 Develop Capabilities - Malware
• T1608.001 Stage Capabilities - Upload Malware

TA0002 Execution

• T1204.002 User Execution - Malicious File

TA0007 Discovery

• T1082 System Information Discovery
• T1033 System Owner / User Discovery
• T1012 Query Registry

TA0011 Command & Control

• T1105 Ingress Tool Transfer

TA0006 Credential Access

• T1003.001 OS Credential Access - LSASS Memory

TA0010 Exfiltration

• T1041 Exfiltration Over C2 Channel

Tactics/Techniques for Compound 6: Outflank-Dumpert

This simulation includes the following ATT&CK tactics and techniques:

TA0042 Resource Development

• T1587.001 Develop Capabilities - Malware
• T1608.001 Stage Capabilities - Upload Malware

TA0002 Execution

• T1204.002 User Execution - Malicious File

TA0007 Discovery

• T1082 System Information Discovery
• T1033 System Owner / User Discovery

TA0011 Command & Control

• T1105 Ingress Tool Transfer

TA0006 Credential Access

• T1003.001 OS Credential Access - LSASS Memory

TA0010 Exfiltration

• T1041 Exfiltration Over C2 Channel

Tactics/Techniques for Compound 7: nanodump.x64.exe

This simulation includes the following ATT&CK tactics and techniques:

TA0042 Resource Development

• T1587.001 Develop Capabilities - Malware
• T1608.001 Stage Capabilities - Upload Malware

TA0002 Execution

• T1204.002 User Execution - Malicious File

TA0007 Discovery

• T1082 System Information Discovery
• T1033 System Owner / User Discovery

TA0011 Command & Control

• T1105 Ingress Tool Transfer

TA0006 Credential Access

• T1003.001 OS Credential Access - LSASS Memory

TA0010 Exfiltration

• T1041 Exfiltration Over C2 Channel