APT Group Hub
Sandworm Team G0034
2 REVELARE Korean-language analyses covering this group · 79 techniques used · Aliases: ELECTRUM, Telebots, IRON VIKING
Analyses covering this group
Key techniques used
- T1005 Data from Local System
- T1018 Remote System Discovery
- T1027 Obfuscated Files or Information
- T1033 System Owner/User Discovery
- T1036 Masquerading
- T1040 Network Sniffing
- T1041 Exfiltration Over C2 Channel
- T1047 Windows Management Instrumentation
- T1049 System Network Connections Discovery
- T1072 Software Deployment Tools
- T1078 Valid Accounts
- T1082 System Information Discovery
- T1083 File and Directory Discovery
- T1090 Proxy
- T1105 Ingress Tool Transfer
- T1106 Native API
- T1133 External Remote Services
- T1140 Deobfuscate/Decode Files or Information
- T1190 Exploit Public-Facing Application
- T1195 Supply Chain Compromise
Official MITRE definition
[Sandworm Team](https://attack.mitre.org/groups/G0034) is a destructive threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) Main Center for Special Technologies (GTsST) military unit 74455.(Citation: US District Court Indictment GRU Unit 74455 October 2020)(Citation: UK NCSC Olympic Attacks October 2020) This group has been active since at least 2009.(Citation: iSIGHT Sandworm 2014)(Citation: CrowdStrike VOODOO BEAR)(Citation: U…