You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
It is assumed that [[APT28]] hacked the company via a [[Spearphishing Link - T1598.003|Spearphishing Link]] to the malware [[ADVSTORESHELL]] hosted on a [[Virtual Private Server - T1583.003|virtual private server]] to gain access and run a [[Tool - T1588.002|tool]] which in this case was [[Mimikatz]]. After that [[APT28]] used [[Elevated Execution with Prompt - T1548.004|Elevated Execution with Prompt]] and exfiltrated [[Data from Local System - T1005]].
It is assumed that [[APT28]] hacked the company via a [[Spearphishing Link - T1598.003|Spearphishing Link]] to the malware [[ADVSTORESHELL]] hosted on a [[Virtual Private Server - T1583.003|virtual private server]] to gain access and run a [[Tool - T1588.002|tool]] which in this case was [[Mimikatz]]. After that [[APT28]] used [[Elevated Execution with Prompt - T1548.004|Elevated Execution with Prompt]] and exfiltrated [[Data from Local System - T1005]].
