Cyber Kill Chain

Tactics
Click the card to flip 👆
1 / 22
Terms in this set (22)
Tactics
The way the threat actor operates during different steps of its operation or campaign.
Techniques
Techniques are meant to facilitate the initial compromise, maintain command and control centers, move within the target's infrastructure, hide data exfiltration and so on.
Procedures
A special sequence of actions
7 Steps of the Cyber Kill Chain
Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives
Reconnaissance
Labor Intensive, Target researched, obvious targets identified
Weaponization
Attacker develops and places their malware on a deliverable vector
Delivery
Transmitting the malicious code to the target
Exploitation
Malicious code executed
Installation
Malicious code installs additional software downloaded
Command and Control
Deployed weapon needs regular communication with a C2 server
Actions on objectivesActivities to complete objectives, such as exfiltrating data, destroying systems or moving to another connected system.NesteggMemory only backdoor, proxy commands to other infected systemsQUICKCAFEEncrypted JavaScript downloader for QUICKRIDE.POWERDYEPACKAPT-38 SWIFT bank heist frameworkKEYLIMEkeyloggerREDSHAWLsession hijacking utilitySMOOTHRIDEFlash loader that contains three different exploits within itclosesharedesigned to clean up other malwareCHEESETRAYproxy aware backdoor, enumeration, upload download, talks to C&C serverMAPMAKERReconnaisance tool, enumerates and prints active TCP connectionsNACHOCHEESECommand-line tunneler C&C IP's gives shell accessCLEANTOADDisruption tool, delete file system artifacts, clears windows event logs. (cleans BLINDTOAD as well)