- Merged C00145 into C00178. Deleted C00145
- Updated text in C00144
- Added warning label to C000139
- Merged C00137 into C00149. Deleted C00137
- Moved C00090 to TA07
- Updated text in C00211
- Updated text in C00030
- Merged C00158 into C00073. Deleted C00158
- Merged C00102 into C00101. Deleted C00102
- Merged C00089 into C00101. Deleted C00089
- Added note to C00200
- Merged C00194 into C00174. Deleted C00194
- Merged C00151 into C00190. Deleted C00151
- Updated text in C00182
- Added warning to C00122
- Updated text in C00211
- Updated text in C00030
- Merged C00215 into C00012. Deleted C00215
- Merged C00214 into C00012. Deleted C000214
- Merged C00196 into C00012. Deleted C000196
- Updated text in C00111
- Merged C00167 into C00026. Deleted C00167
- Added warning to C00056
- Updated text in C00172
- Merged C00171 into C00107. Deleted C00171
- Updated text in C00103
- Merged C00110 into C00195. Deleted C00110
- Updated text in C00117
- Merged C00193 into C00188. Deleted C00193
- Merged C00204 into C00188. Deleted C00204
- Moved C00217 to detections F00094
# Counter C00182: Redirection / malware detection / remediation

* **Summary**: Detect redirection or malware, then quarantine or delete. Example: (2015) Trustwave reported that a Bedep Trojan malware kit had begun infecting machines and forcing them to browse certain sites, artificially inflating traffic to a set of pro-Russia
* **Playbooks**:
* **Metatechnique**: M005 - removal
* **Resources needed:**
* **Belongs to tactic stage**: TA09

| Actors | Sectors |
| ------ | ------- |
| [A027 information security](../actors/A027.md) | Other Tech Company |

| Counters these Tactics |
| ---------------------- |

| Counters these Techniques |
| ------------------------- |
| [T0011 Hijack legitimate account](../techniques/T0011.md) |
| [T0054 Twitter bots amplify](../techniques/T0054.md) |

| Seen in incidents |
| ----------------- |

DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW