Table 1 Techniques and methods used in the operational phases of main APT campaigns [15]

From: Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection

| APT campaign/group | Initial compromise: Spear-phishing | Initial compromise: Watering-hole attacks | Initial compromise: Server attacks | Initial compromise: Storage media | Lateral movement: Standard OS tools | Lateral movement: Hash and password dumping | Lateral movement: Exploit vulnerabilities | C2: HTTP/HTTPS | C2: Others | C2: Custom protocols | Report |
|---|---|---|---|---|---|---|---|---|---|---|---|
| HeartBeat | | | | | | | | | | | [93] |
| Icefog | | | | | | | | | | | [94] |
| Darkhotel | | | | | | | | | | | [95] |
| Operation Cleaver | | | | | | | | | | | [96] |
| Shell Crew | | | | | | | | | | | [97] |
| Regin | | | | | | | | | | | [98] |
| APT28 | | | | | | | | | | | [99] |
| Anunak | | | | | | | | | | | [100] |
| Deep Panda | | | | | | | | | | | [101] |
| Cozy Duke | | | | | | | | | | | [102] |
| Hellsing | | | | | | | | | | | [103] |
| MsnMM (Naikon Group) | | | | | | | | | | | [104] |
| Carbanak | | | | | | | | | | | [105] |
| Duqu 2.0 | | | | | | | | | | | [106] |
| Thamar Reservoir | | | | | | | | | | | [107] |
| Naikon APT | | | | | | | | | | | [108] |
| APT30 | | | | | | | | | | | [109] |
| Woolen-Goldfish | | | | | | | | | | | [110] |
| EquationDrug (Equation Group) | | | | | | | | | | | [111] |
| Animal Farm | | | | | | | | | | | [112] |
| Waterbug Group | | | | | | | | | | | [113] |
| Desert Falcons | | | | | | | | | | | [114] |