TENGU
Confirmed CVEs (2)
Exploited by this group as confirmed by threat intelligence sources.
ATT&CK Techniques (10)
T1078
Valid Accounts
Initial Access
T1059.001
Command and Scripting Interpreter: PowerShell
Execution
T1059.003
Command and Scripting Interpreter: Windows Command Shell
Execution
T1053.005
Scheduled Task/Job: Scheduled Task
Persistence
T1070
Indicator Removal
Defense Evasion
T1218
System Binary Proxy Execution
Defense Evasion
T1021.001
Remote Services: Remote Desktop Protocol
Lateral Movement
T1041
Exfiltration Over C2 Channel
Exfiltration
T1486
Data Encrypted for Impact
Impact
T1490
Inhibit System Recovery
Impact