MITRE ATT&CK — FreeIntelHub

T1021 — Remote Services (Lateral Movement)

2 articles found

Microsoft Security Blog TTPs Microsoft Atlassian F5 Linux 2d ago

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and id...

T1078 T1021

Microsoft Security Blog →

Rapid7 Blog Vulnerability Disclosure Microsoft Rapid7 May 13

When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise

Overview Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In Apr...

T1078 T1548 T1021 +1

Rapid7 Blog →

Discovery

T1046 Network Service Discovery

Lateral Movement

T1021 Remote Services

Command and Control

T1071 Application Layer Protocol T1573 Encrypted Channel T1572 Protocol Tunneling

Exfiltration

T1041 Exfiltration Over C2 Channel T1567 Exfiltration Over Web Service

Impact

T1486 Data Encrypted for Impact T1489 Service Stop T1498 Network Denial of Service T1491 Defacement T1529 System Shutdown/Reboot

Resource Development

T1583 Acquire Infrastructure T1588 Obtain Capabilities

Reconnaissance

T1592 Gather Victim Host Information T1598 Phishing for Information

MITRE ATT&CK Mapping

T1021 — Remote Services (Lateral Movement)

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access