From: Foundations and applications of artificial Intelligence for zero-day and multi-step attack detection
Table: techniques reported for each APT campaign/group, grouped by attack phase. The original table has ten technique columns in three groups: initial compromise (spear-phishing, watering-hole attacks, server attacks, storage media), lateral movement (standard OS tools, hash and password dumping, exploiting vulnerabilities) and C2 (HTTP/HTTPS, others, custom protocols), plus the source report for each campaign. Extraction collapsed the empty cells, so the row data no longer shows which of the ten techniques a given campaign used; only the number of techniques marked per campaign and its reference are recoverable, and those are listed here.

| APT campaign/group | Techniques marked (of 10) | Report |
|---|---|---|
| HeartBeat | 2 | [93] |
| Icefog | 4 | [94] |
| Darkhotel | 3 | [95] |
| Operation Cleaver | 6 | [96] |
| Shell Crew | 4 | [97] |
| Regin | 2 | [98] |
| APT28 | 3 | [99] |
| Anunak | 7 | [100] |
| Deep Panda | 4 | [101] |
| Cozy Duke | 2 | [102] |
| Hellsing | 1 | [103] |
| MsnMM (Naikon Group) | 3 | [104] |
| Carbanak | 6 | [105] |
| Duqu 2.0 | 7 | [106] |
| Thamar Reservoir | 1 | [107] |
| Naikon APT | 3 | [108] |
| APT30 | 3 | [109] |
| Woolen-Goldfish | 3 | [110] |
| EquationDrug (Equation Group) | 3 | [111] |
| Animal Farm | 1 | [112] |
| Waterbug Group | 4 | [113] |
| Desert Falcons | 2 | [114] |