Instead of hardcoding the exfil, ransomware note, etc. in the malware or threat actor configs, create an "end state" trigger to have occur.
For example after TA & Malware go through states, based on some set configuration or action like:
Exfil incl. file staging (start zipping stuff) + (exfil via a command)
Ransom Note dropping
Email Spam (massive spamming within company?)
Destructive Actions - deletions, defacement, etc.
File encrypting
Cryptocurrency Miner deployment
Modification (add new users, new hosts, etc.)
Supply chain compromise (aka it uses the company to compromise others)
... and so on. Might be cool to have a "final stage" config on the threat actor, plus the configuration for the end state (and see if we can make it uniform or something).