Description
[Whitefly](https://attack.mitre.org/groups/G0107) is a cyber espionage group that has been operating since at least 2017. The group has targeted organizations based mostly in Singapore across a wide variety of sectors, and is primarily interested in stealing large amounts of sensitive information. The group has been linked to an attack against Singapore’s largest public health organization, SingHealth. (Citation: Symantec Whitefly March 2019)
Techniques Used (TTPs)
- T1105 — Ingress Tool Transfer (command-and-control)
- T1574.001 — DLL (persistence, privilege-escalation, defense-evasion)
- T1003.001 — LSASS Memory (credential-access)
- T1068 — Exploitation for Privilege Escalation (privilege-escalation)
- T1588.002 — Tool (resource-development)
- T1059 — Command and Scripting Interpreter (execution)
- T1027.013 — Encrypted/Encoded File (defense-evasion)
- T1204.002 — Malicious File (execution)
- T1036.005 — Match Legitimate Resource Name or Location (defense-evasion)
Total TTPs: 9
Malware & Tools
Tools: Mimikatz