[Intel]: https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor/ #677

@timb-machine

Description

Area

Breach reports

Parent threat

Reconnaissance, Initial Access, Persistence, Defense Evasion, Discovery, Collection, Impact

Finding

https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor/

Industry reference

attack:T1593:Search Open Websites/Domains
attack:T1190:Exploit Public-Facing Application
attack:T1078.004:Cloud Accounts
attack:T1526:Cloud Service Discovery
attack:T1619:Cloud Storage Object Discovery
attack:T1069:Permission Groups Discovery
attack:T1069.003:Cloud Groups
attack:T1602:Data from Configuration Repository
attack:T1213.003:Code Repositories
attack:T1098:Account Manipulation
attack:T1098.003:Additional Cloud Roles
attack:T1136:Create Account
attack:T1136.003:Cloud Account
attack:T1036:Masquerading
attack:T1021.004:SSH
attack:T1578:Modify Cloud Compute Infrastructure
attack:T1578.002:Create Cloud Instance
attack:T1525:Implant Internal Image
attack:T1496:Resource Hijacking

Malware reference

No response

Actor reference

GUI-vil

Component

Linux, Hosting

Scenario

Cloud hosted services