SOC Incident Toolkit

StrongPity Expands Its Targets

Promethium APT-C-41

StrongPity, also known as APT-C-41 and Promethium, is a cyber espionage group that has been active since at least 2012. The group initially focused on individuals and organizations in Syria and Turkey, but its campaigns have since expanded to targets across Africa, Asia, Europe, and North America. The group uses watering hole attacks and phishing messages to infiltrate targeted systems and steal sensitive information. These attacks are built to run through the kill chain: the sequence of actions the attackers take to gain access, establish control, and exfiltrate data from the targeted systems.

Indicators of Compromise

Domains (10)

cybertik.net
networksoftwaresegment.com
hostoperationsystems.com
upeg-system-app.com
intagrefedcircuitchip.com
egov.sy
networktopologymaps.com
www.upn-sec3-msd.com
config.properties
upn-sec3-msd.com

Hashes (35)

IPv4 (2)

185.12.46.138
141.255.161.185

APT Groups

PROMETHIUM

Turkey

Notes

StrongPity is a type of malware that has been used in targeted attacks against individuals and organizations. It is a type of APT (Advanced Persistent Threat) malware, which is designed to evade detection and maintain a persistent presence on a compromised system. The malware is typically delivered via phishing emails or malicious websites, and once installed, it can gather information, steal credentials, and open a backdoor to the attackers.

Promethium APT is a cyber espionage group that is known to target government organizations, defense contractors, and other high-value targets. The group is thought to be operating out of Russia and is believed to be using a number of different malware tools, including StrongPity, in order to gain access to target systems and exfiltrate data. It is a highly sophisticated APT group that is known to use advanced techniques to evade detection and maintain a presence on infected systems.

In general, both StrongPity and Promethium APT are considered to be very serious threats and organizations should take steps to protect themselves from these types of attacks. This includes implementing security best practices such as patching systems regularly, using anti-virus software, and educating employees about the risks of phishing emails and other social engineering tactics.

Mitigation

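The behaviours in the Techniques Used table that follows (Run-key persistence, PowerShell adding Windows Defender exclusions, services installed from unusual paths, staged .sft archives, HTTPS to port 1402) are what a SOC can hunt for in endpoint telemetry. The Python below is an added example, not code from the toolkit or from any vendor; its event schema, sample events and the trusted-path heuristic for services are constructed assumptions of the example, while the Defender cmdlet names and the constant values come from the page.

```python
"""Flag endpoint events that match StrongPity behaviours from this page's ATT&CK table."""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

# Values taken from the Techniques Used table on this page.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"   # T1547.001
C2_PORT = 1402                                                    # T1571
ARCHIVE_EXT = ".sft"                                              # T1560.003

# Add-MpPreference / Set-MpPreference with an -Exclusion* parameter are the real
# Defender cmdlets; the regex itself is this example's heuristic for T1562.001.
DEFENDER_EXCLUSION = re.compile(
    r"\b(Add|Set)-MpPreference\b[^\n]*-Exclusion(Path|Extension|Process)\b",
    re.IGNORECASE,
)
# Assumption of this example: a service binary outside these roots deserves a look
# (T1543.003). Tune the list for the estate being monitored.
TRUSTED_SERVICE_ROOTS = ("c:\\windows\\", "c:\\program files")


@dataclass(frozen=True)
class Finding:
    technique: str     # ATT&CK ID as listed on this page
    detail: str
    event_index: int   # position of the offending event in the input list


# Each rule returns a detail string when it fires, else None. The event dicts use a
# constructed, simplified schema (type/key/script/image/dst_port/path), not raw
# Sysmon or EVTX field names.
def run_key_persistence(ev: Dict) -> Optional[str]:
    if ev.get("type") == "registry_set" and ev.get("key", "").lower().startswith(RUN_KEY.lower()):
        return f"Run key value {ev.get('value')!r} -> {ev.get('data')!r}"
    return None


def defender_exclusion(ev: Dict) -> Optional[str]:
    if ev.get("type") == "powershell_scriptblock" and DEFENDER_EXCLUSION.search(ev.get("script", "")):
        return "PowerShell adds a Windows Defender exclusion"
    return None


def untrusted_service(ev: Dict) -> Optional[str]:
    image = ev.get("image", "").lower()
    if ev.get("type") == "service_installed" and not image.startswith(TRUSTED_SERVICE_ROOTS):
        return f"service {ev.get('name')!r} runs from {ev.get('image')!r}"
    return None


def nonstandard_port(ev: Dict) -> Optional[str]:
    if ev.get("type") == "network_connect" and ev.get("protocol") == "tcp" and ev.get("dst_port") == C2_PORT:
        return f"TCP connection to {ev.get('dst_ip')}:{C2_PORT}"
    return None


def sft_archive(ev: Dict) -> Optional[str]:
    if ev.get("type") == "file_create" and ev.get("path", "").lower().endswith(ARCHIVE_EXT):
        return f"staged archive {ev.get('path')!r}"
    return None


RULES: List[Tuple[str, Callable[[Dict], Optional[str]]]] = [
    ("T1547.001", run_key_persistence),
    ("T1562.001", defender_exclusion),
    ("T1543.003", untrusted_service),
    ("T1571", nonstandard_port),
    ("T1560.003", sft_archive),
]


def scan(events: List[Dict]) -> List[Finding]:
    """Run every rule over every event, preserving event order."""
    findings: List[Finding] = []
    for idx, ev in enumerate(events):
        for technique, rule in RULES:
            detail = rule(ev)
            if detail:
                findings.append(Finding(technique, detail, idx))
    return findings


def distinct_techniques(findings: List[Finding]) -> Set[str]:
    """Distinct ATT&CK IDs hit; several distinct hits on one host warrant escalation."""
    return {f.technique for f in findings}


# Constructed sample telemetry: benign noise interleaved with the page's behaviours.
SAMPLE_EVENTS: List[Dict] = [
    {"type": "registry_set", "key": r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters", "value": "Domain", "data": "corp"},
    {"type": "registry_set", "key": RUN_KEY, "value": "WinUpdateSvc", "data": r"C:\Users\alice\AppData\Local\Temp\upd.exe"},
    {"type": "powershell_scriptblock", "script": "Get-MpPreference | Select-Object DisableRealtimeMonitoring"},
    {"type": "powershell_scriptblock", "script": r"Add-MpPreference -ExclusionPath 'C:\ProgramData\ntsvc'"},
    {"type": "service_installed", "name": "Windows Network Helper", "image": r"C:\ProgramData\ntsvc\nthelper.exe"},
    {"type": "service_installed", "name": "Spooler", "image": r"C:\Windows\System32\spoolsv.exe"},
    {"type": "network_connect", "protocol": "tcp", "dst_ip": "203.0.113.10", "dst_port": 443},
    {"type": "network_connect", "protocol": "tcp", "dst_ip": "203.0.113.10", "dst_port": 1402},
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Local\Temp\0a1b.sft"},
    {"type": "file_create", "path": r"C:\Users\alice\Documents\report.docx"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.technique}] event {f.event_index}: {f.detail}")
```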
Techniques Used

<table border="1">
<thead>
<tr><th>Domain</th><th colspan="2">ID</th><th>Name</th><th>Use</th></tr>
</thead>
<tbody>
<tr><td>Enterprise</td><td>T1071</td><td>.001</td><td><a href="https://attack.mitre.org/techniques/T1071">Application Layer Protocol</a>: <a href="https://attack.mitre.org/techniques/T1071/001">Web Protocols</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> can use HTTP and HTTPS in C2 communications.</td></tr>
<tr><td>Enterprise</td><td>T1560</td><td>.003</td><td><a href="https://attack.mitre.org/techniques/T1560">Archive Collected Data</a>: <a href="https://attack.mitre.org/techniques/T1560/003">Archive via Custom Method</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> can compress and encrypt archived files into multiple .sft files with a repeated XOR encryption scheme.</td></tr>
<tr><td>Enterprise</td><td colspan="2">T1119</td><td><a href="https://attack.mitre.org/techniques/T1119">Automated Collection</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> has a file searcher component that can automatically collect and archive files based on a predefined list of file extensions.</td></tr>
<tr><td>Enterprise</td><td colspan="2">T1020</td><td><a href="https://attack.mitre.org/techniques/T1020">Automated Exfiltration</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> can automatically exfiltrate collected documents to the C2 server.</td></tr>
<tr><td>Enterprise</td><td>T1547</td><td>.001</td><td><a href="https://attack.mitre.org/techniques/T1547">Boot or Logon Autostart Execution</a>: <a href="https://attack.mitre.org/techniques/T1547/001">Registry Run Keys / Startup Folder</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> can use the <code>HKCU\Software\Microsoft\Windows\CurrentVersion\Run</code> Registry key for persistence.</td></tr>
<tr><td>Enterprise</td><td>T1059</td><td>.001</td><td><a href="https://attack.mitre.org/techniques/T1059">Command and Scripting Interpreter</a>: <a href="https://attack.mitre.org/techniques/T1059/001">PowerShell</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> can use PowerShell to add files to the Windows Defender exclusions list.</td></tr>
<tr><td>Enterprise</td><td>T1543</td><td>.003</td><td><a href="https://attack.mitre.org/techniques/T1543">Create or Modify System Process</a>: <a href="https://attack.mitre.org/techniques/T1543/003">Windows Service</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> has created new services and modified existing services for persistence.</td></tr>
<tr><td>Enterprise</td><td>T1573</td><td>.002</td><td><a href="https://attack.mitre.org/techniques/T1573">Encrypted Channel</a>: <a href="https://attack.mitre.org/techniques/T1573/002">Asymmetric Cryptography</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> has encrypted C2 traffic using SSL/TLS.</td></tr>
<tr><td>Enterprise</td><td colspan="2">T1041</td><td><a href="https://attack.mitre.org/techniques/T1041">Exfiltration Over C2 Channel</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> can exfiltrate collected documents through C2 channels.</td></tr>
<tr><td>Enterprise</td><td colspan="2">T1083</td><td><a href="https://attack.mitre.org/techniques/T1083">File and Directory Discovery</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> can parse the hard drive on a compromised host to identify specific file extensions.</td></tr>
<tr><td>Enterprise</td><td>T1564</td><td>.003</td><td><a href="https://attack.mitre.org/techniques/T1564">Hide Artifacts</a>: <a href="https://attack.mitre.org/techniques/T1564/003">Hidden Window</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> has the ability to hide the console window for its document search module from the user.</td></tr>
<tr><td>Enterprise</td><td>T1562</td><td>.001</td><td><a href="https://attack.mitre.org/techniques/T1562">Impair Defenses</a>: <a href="https://attack.mitre.org/techniques/T1562/001">Disable or Modify Tools</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> can add directories used by the malware to the Windows Defender exclusions list to prevent detection.</td></tr>
<tr><td>Enterprise</td><td>T1070</td><td>.004</td><td><a href="https://attack.mitre.org/techniques/T1070">Indicator Removal</a>: <a href="https://attack.mitre.org/techniques/T1070/004">File Deletion</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> can delete previously exfiltrated files from the compromised host.</td></tr>
<tr><td>Enterprise</td><td colspan="2">T1105</td><td><a href="https://attack.mitre.org/techniques/T1105">Ingress Tool Transfer</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> can download files to specified targets.</td></tr>
<tr><td>Enterprise</td><td>T1036</td><td>.004</td><td><a href="https://attack.mitre.org/techniques/T1036">Masquerading</a>: <a href="https://attack.mitre.org/techniques/T1036/004">Masquerade Task or Service</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> has named services to appear legitimate.</td></tr>
<tr><td></td><td></td><td>.005</td><td><a href="https://attack.mitre.org/techniques/T1036">Masquerading</a>: <a href="https://attack.mitre.org/techniques/T1036/005">Match Legitimate Name or Location</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> has been bundled with legitimate software installation files for disguise.</td></tr>
<tr><td>Enterprise</td><td colspan="2">T1571</td><td><a href="https://attack.mitre.org/techniques/T1571">Non-Standard Port</a></td><td><a href="https://attack.mitre.org/software/S0491">StrongPity</a> has used HTTPS over port 1402 in C2 communication.</td></tr>
<tr><td>Enterprise</td><td colspan="2"><p><span><a href="https://attack.mitre.org/techniques/T1027"><span 
style="color: black;">T1027</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1027"><span style="color: black;">Obfuscated Files or Information</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/software/S0491"><span style="color: black;">StrongPity</span></a>&nbsp;has used encrypted strings in its dropper component.</span></p> </td> </tr> <tr> <td style="border:solid #DFDFDF 1.0pt;border-bottom:none; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;">Enterprise</span></p> </td> <td colspan="2" style="border-top:solid #DFDFDF 1.0pt;border-left: none;border-bottom:none;border-right:solid #DFDFDF 1.0pt;padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1057"><span style="color: black;">T1057</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1057"><span style="color: black;">Process Discovery</span></a></span></p> </td> <td 
style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/software/S0491"><span style="color: black;">StrongPity</span></a>&nbsp;can determine if a user is logged in by checking to see if explorer.exe is running.</span></p> </td> </tr> <tr> <td style="border:solid #DFDFDF 1.0pt;border-bottom:none; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;">Enterprise</span></p> </td> <td style="border-top:solid #DFDFDF 1.0pt;border-left:none; border-bottom:none;border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1090"><span style="color: black;">T1090</span></a></span></p> </td> <td style="border:solid #DFDFDF 1.0pt;border-left:none;padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1090/003"><span style="color: black;">.003</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1090"><span style="color: black;">Proxy</span></a>:&nbsp;<a href="https://attack.mitre.org/techniques/T1090/003"><span style="color: black;">Multi-hop Proxy</span></a></span></p> </td> <td 
style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/software/S0491"><span style="color: black;">StrongPity</span></a>&nbsp;can use multiple layers of proxy servers to hide terminal nodes in its infrastructure.</span></p> </td> </tr> <tr> <td style="border:solid #DFDFDF 1.0pt;border-bottom:none; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;">Enterprise</span></p> </td> <td style="border-top:solid #DFDFDF 1.0pt;border-left:none; border-bottom:none;border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1518"><span style="color: black;">T1518</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1518/001"><span style="color: black;">.001</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1518"><span style="color: black;">Software Discovery</span></a>:&nbsp;<a href="https://attack.mitre.org/techniques/T1518/001"><span style="color: 
black;">Security Software Discovery</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/software/S0491"><span style="color: black;">StrongPity</span></a>&nbsp;can identify if ESET or BitDefender antivirus are installed before dropping its payload.</span></p> </td> </tr> <tr> <td style="border:solid #DFDFDF 1.0pt;border-bottom:none; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;">Enterprise</span></p> </td> <td style="border-top:solid #DFDFDF 1.0pt;border-left:none; border-bottom:none;border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1553"><span style="color: black;">T1553</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1553/002"><span style="color: black;">.002</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1553"><span style="color: black;">Subvert Trust Controls</span></a>:&nbsp;<a 
href="https://attack.mitre.org/techniques/T1553/002"><span style="color: black;">Code Signing</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/software/S0491"><span style="color: black;">StrongPity</span></a>&nbsp;has been signed with self-signed certificates.</span></p> </td> </tr> <tr> <td style="border:solid #DFDFDF 1.0pt;border-bottom:none; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;">Enterprise</span></p> </td> <td colspan="2" style="border-top:solid #DFDFDF 1.0pt;border-left: none;border-bottom:none;border-right:solid #DFDFDF 1.0pt;padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1082"><span style="color: black;">T1082</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1082"><span style="color: black;">System Information Discovery</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/software/S0491"><span style="color: 
black;">StrongPity</span></a>&nbsp;can identify the hard disk volume serial number on a compromised host.</span></p> </td> </tr> <tr> <td style="border:solid #DFDFDF 1.0pt;border-bottom:none; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;">Enterprise</span></p> </td> <td colspan="2" style="border-top:solid #DFDFDF 1.0pt;border-left: none;border-bottom:none;border-right:solid #DFDFDF 1.0pt;padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1016"><span style="color: black;">T1016</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1016"><span style="color: black;">System Network Configuration Discovery</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/software/S0491"><span style="color: black;">StrongPity</span></a>&nbsp;can identify the IP address of a compromised host.</span></p> </td> </tr> <tr> <td style="border:solid #DFDFDF 1.0pt;border-bottom:none; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;">Enterprise</span></p> </td> <td style="border-top:solid #DFDFDF 1.0pt;border-left:none; 
border-bottom:none;border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1569"><span style="color: black;">T1569</span></a></span></p> </td> <td style="border:solid #DFDFDF 1.0pt;border-left:none;padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1569/002"><span style="color: black;">.002</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1569"><span style="color: black;">System Services</span></a>:&nbsp;<a href="https://attack.mitre.org/techniques/T1569/002"><span style="color: black;">Service Execution</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/software/S0491"><span style="color: black;">StrongPity</span></a>&nbsp;can install a service to execute itself as a service.</span></p> </td> </tr> <tr> <td style="border:solid #DFDFDF 1.0pt;border-bottom:none; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;">Enterprise</span></p> </td> <td style="border-top:solid #DFDFDF 1.0pt;border-left:none; border-bottom:none;border-right:solid 
#DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1204"><span style="color: black;">T1204</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1204/002"><span style="color: black;">.002</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/techniques/T1204"><span style="color: black;">User Execution</span></a>:&nbsp;<a href="https://attack.mitre.org/techniques/T1204/002"><span style="color: black;">Malicious File</span></a></span></p> </td> <td style="border-top:none;border-left:none;border-bottom:solid #DFDFDF 1.0pt; border-right:solid #DFDFDF 1.0pt; padding:7.5pt 7.5pt 7.5pt 7.5pt;"> <p class="MsoNormal" style="margin-bottom:0cm;line-height:normal;"><span style="font-size:12.0pt;font-family:&quot;color:black;"><a href="https://attack.mitre.org/software/S0491"><span style="color: black;">StrongPity</span></a>&nbsp;has been executed via compromised installation files for legitimate software including compression applications, security software, browsers, file recovery applications, and other tools and utilities.</span></p> </td> </tr> </tbody></table> <p class="MsoNormal"><br></p><p class="MsoNormal">It is recommended to only download software from the official Google Play Store and to be cautious of apps from third-party 
sources. Be wary of apps that request excessive permissions or accessibility services. Keep in mind that rooting a device can decrease its protection against malware.</p><p class="MsoNormal">Mitigating the threat posed by groups like StrongPity requires a multi-layered approach that includes both technical and non-technical measures. Steps that organizations can take to protect themselves from this type of attack include:</p><p class="MsoNormal">Implementing strong security controls: Organizations should ensure that they have robust firewall and intrusion prevention systems in place to block known threats and to detect and stop malicious traffic.</p><p class="MsoNormal">Regularly updating software and systems: Organizations should make sure that all software and systems are up to date with the latest security patches to address known vulnerabilities.</p><p class="MsoNormal">Conducting regular security assessments: Organizations should conduct regular security assessments, including vulnerability scans and penetration testing, to identify and address potential security weaknesses.</p><p class="MsoNormal">Employee awareness and training: Organizations should provide regular training to employees on how to identify and respond to phishing and social engineering attacks, as well as on how watering hole attacks work.</p><p class="MsoNormal">Monitoring networks and systems: Organizations should monitor their networks and systems for unusual activity, such as unexpected outbound connections or data exfiltration, and should have an incident response plan in place.</p><p class="MsoNormal">Getting external help: Organizations should consider engaging specialized security firms that can help identify and mitigate the risk posed by APT groups.</p><p class="MsoNormal">It is important to note that no single measure can fully protect against advanced persistent threats like StrongPity, and organizations should implement a combination of these measures to reduce the risk of a successful attack.</p>
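<p class="MsoNormal">The T1571 row in the table reports StrongPity C2 over HTTPS on port 1402, and the monitoring step above asks for watching outbound connections. The following is an added example, not code from the original page or from any StrongPity report: a Python pass over constructed outbound-connection log lines that flags TLS on any non-standard port (generalising beyond the single port the table names), destinations that match an indicator list, and repeated host-to-destination pairs that hint at beaconing. The log field layout, the sample lines and the indicator values (203.0.113.44, example-c2.invalid) are constructed placeholders; a real deployment would load the campaign's IoC list and the organisation's own port baseline.</p>

```python
"""Detection pass over outbound-connection logs for StrongPity-style C2 traits.
Added example for this page; log layout, sample lines and indicators are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Ports on which outbound TLS is expected here; anything else is non-standard (T1571).
STANDARD_TLS_PORTS: Set[int] = {443, 8443}
# Port the technique table reports for StrongPity HTTPS C2.
REPORTED_C2_PORT = 1402

# Placeholder indicators (constructed, not the page's IoC list); load the real feed in production.
IOC_IPS: Set[str] = {"203.0.113.44"}
IOC_DOMAINS: Set[str] = {"example-c2.invalid"}

# RFC 1918 ranges treated as internal. ipaddress.is_private is deliberately not used:
# it also marks the documentation ranges (192.0.2/24, 198.51.100/24, 203.0.113/24) as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample telemetry, one connection per line:
# "<timestamp> <src> <dst> <dport> <proto> sni=<server name or ->"
SAMPLE_LOGS: List[str] = [
    "2024-01-10T09:12:01Z 10.0.5.21 198.51.100.20 443 tls sni=www.example.org",
    "2024-01-10T09:12:07Z 10.0.5.21 203.0.113.44 1402 tls sni=updates.example-c2.invalid",
    "2024-01-10T09:13:00Z 10.0.5.22 198.51.100.9 8443 tls sni=vpn.example.net",
    "2024-01-10T09:14:30Z 10.0.5.23 10.0.0.5 445 tcp sni=-",
    "2024-01-10T09:15:12Z 10.0.5.21 203.0.113.44 1402 tls sni=updates.example-c2.invalid",
    "2024-01-10T09:16:45Z 10.0.5.24 192.0.2.77 1402 tls sni=-",
]


@dataclass
class Connection:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    sni: str


@dataclass
class Alert:
    conn: Connection
    reasons: List[str]


def parse_line(line: str) -> Connection:
    """Split one log line (constructed format above) into a Connection."""
    ts, src, dst, dport, proto, sni_field = line.split()
    return Connection(ts, src, dst, int(dport), proto, sni_field.split("=", 1)[1])


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def matches_ioc_domain(name: str) -> bool:
    """True for the indicator domain itself or any subdomain of it."""
    return any(name == d or name.endswith("." + d) for d in IOC_DOMAINS)


def evaluate(conn: Connection) -> List[str]:
    """Return the reasons a connection looks suspicious; an empty list means clean."""
    reasons: List[str] = []
    if is_internal(conn.dst):  # only outbound traffic is in scope
        return reasons
    if conn.dst in IOC_IPS:
        reasons.append("dst matches IoC IP")
    if conn.sni != "-" and matches_ioc_domain(conn.sni):
        reasons.append("SNI matches IoC domain")
    if conn.proto == "tls" and conn.dport not in STANDARD_TLS_PORTS:
        tag = "TLS on non-standard port %d" % conn.dport
        if conn.dport == REPORTED_C2_PORT:
            tag += " (port reported for StrongPity C2)"
        reasons.append(tag)
    return reasons


def scan(lines: List[str]) -> List[Alert]:
    """Evaluate every line and keep only the connections with at least one reason."""
    alerts: List[Alert] = []
    for line in lines:
        conn = parse_line(line)
        reasons = evaluate(conn)
        if reasons:
            alerts.append(Alert(conn, reasons))
    return alerts


def repeated_destinations(alerts: List[Alert], min_count: int = 2) -> Dict[Tuple[str, str, int], int]:
    """Count alerts per (src, dst, dport); repeats suggest beaconing rather than a one-off."""
    counts: Dict[Tuple[str, str, int], int] = {}
    for a in alerts:
        key = (a.conn.src, a.conn.dst, a.conn.dport)
        counts[key] = counts.get(key, 0) + 1
    return {k: v for k, v in counts.items() if v >= min_count}


if __name__ == "__main__":
    found = scan(SAMPLE_LOGS)
    for a in found:
        print(f"{a.conn.ts} {a.conn.src} -> {a.conn.dst}:{a.conn.dport} | " + "; ".join(a.reasons))
    for (src, dst, port), n in repeated_destinations(found).items():
        print(f"repeat: {src} -> {dst}:{port} seen {n}x")
```

<p class="MsoNormal">On the constructed sample, the two connections to the indicator address collect all three reasons and are reported again as a repeated pair, while the last line is flagged on the port alone: a TLS session to an address that is not on any indicator list, which is exactly the case an IoC-only match would miss. The port baseline should be tuned to the environment, since a narrow allow-list is what makes the non-standard-port rule useful without drowning analysts in alerts.</p>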