We welcome your feedback about MITRE Engage v0.9 Beta: Email us at engage@mitre.org

Mapping To Strider

Strider is a threat group that has been active since at least 2011 and has targeted victims in Russia, China, Sweden, Belgium, Iran, and Rwanda.Disclaimer: We present this mapping to stimulate thinking about engagement activities to take advantage of the historically observed behavior of adversary, not to present all possibilities. We invite you to use this as a guide, understanding that adversary behavior is constantly changing and evolving.

Note: All ATT&CK Group sub-activity mappings have been remapped to their parent activity and were derived from Group Technique mappings in ATT&CK v8.

Details
ATT&CK ID: G0041
Associated Groups:  Strider, ProjectSauron
Note:  This page uses Adversary Group data from MITRE ATT&CK.

ATT&CK® Technique Adversary Vulnerability Engagement Activity Engagement Activity Description
Hide Artifacts When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation Software Manipulation Make changes to a system's software properties and functions to achieve a desired effect.
Hide Artifacts When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation API Monitoring Monitor local APIs that might be used by adversary tools and activity.
Hide Artifacts When adversaries discover a diverse set of accessible resources and decoy artifacts on the target, they are vulnerable to reveal their targetting preferences and capabilities Artifact Diversity Present the adversary with a variety of network and system artifacts.
Modify Authentication Process When adversaries utilize or abuse system features, software, or other resources, they may be vulnerable to monitoring or Man-in-the-Middle manipulation API Monitoring Monitor local APIs that might be used by adversary tools and activity.
Modify Authentication Process When adversaries discover enabled, accessible, or intentionally weakened/overly permissive resources in the environment, they are vulnerable to reveal additional or more advanced capabilities when exploiting or using said resource Security Controls Alter security controls to make the system more or less vulnerable to attack.
Proxy When adversaries move data across the network or interact with remote resources, they are vulnerable to network manipulations such as impacts to network availibilty, traffic filtering, degraded speeds, etc. Network Manipulation Make changes to network properties and functions to achieve a desired effect.
Proxy When adversaries interact with network or system resources they are vulnerable to trigger tripwires or engage in easily detectable, anomalous behavior Network Monitoring Monitor network traffic in order to detect adversary activity.