Patchwork

OriginÍndia

Techniques (MITRE ATT&CK)41

SourceMITRE ATT&CK

Also known as:Hangover GroupDropping ElephantChinastratsMONSOONOperation Hangover

Vexday analysis

Patchwork (também conhecido como Hangover Group, Dropping Elephant, Chinastrats, MONSOON e Operation Hangover) é um grupo de espionagem cibernética observado pela primeira vez em dezembro de 2015, com evidências circunstanciais que sugerem origem indiana ou alinhamento pró-Índia. O grupo tem como alvos preferenciais agências governamentais e entidades diplomáticas, e parte significativa do código utilizado em suas operações foi copiada de fóruns públicos online. Em março e abril de 2018, o Patchwork conduziu campanhas de spearphishing direcionadas a grupos de think tank nos Estados Unidos. O grupo possui 41 técnicas documentadas no MITRE ATT&CK (identificador G0040) e 7 CVEs atribuídas.

Techniques (MITRE ATT&CK) 41

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Reconnaissance

Spearphishing Link

Resource development

Code Signing Certificates Tool

Initial access

Drive-by Compromise Spearphishing Attachment Spearphishing Link

Execution

Scheduled Task PowerShell Windows Command Shell Visual Basic Exploitation for Client Execution Malicious Link Malicious File Dynamic Data Exchange

Persistence

Registry Run Keys / Startup Folder

Privilege escalation

Bypass User Account Control

Credential access

Credentials from Web Browsers

Discovery

System Owner/User Discovery System Information Discovery File and Directory Discovery Security Software Discovery Local Storage Discovery

Lateral movement

Remote Desktop Protocol

Collection

Data from Local System Local Data Staging Automated Collection Archive Collected Data

Command and control

Dead Drop Resolver Ingress Tool Transfer Standard Encoding

defense-impairment

Modify Registry Code Signing

stealth

Binary Padding Software Packing Indicator Removal from Tools Command Obfuscation Match Legitimate Resource Name or Location Process Hollowing File Deletion BITS Jobs DLL

Exploited vulnerabilities 7

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2017-11882HIGHEPSS 100%KEV CVE-2017-0199HIGHEPSS 100%KEV CVE-2015-1641HIGHEPSS 97%KEV CVE-2017-8570HIGHEPSS 90%KEV CVE-2014-4114HIGHEPSS 82%KEV CVE-2014-6352HIGHEPSS 78%KEV CVE-2012-1856HIGHEPSS 72%KEV

Patchwork uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →