搜索
查看: 4292|回复: 4
收起左侧

[杀软评测] MITRE ATT&CK Second Round: APT29

[复制链接]
85683213
发表于 2020-4-25 11:35:50 | 显示全部楼层 |阅读模式
本帖最后由 85683213 于 2020-4-25 17:43 编辑

https://attackevals.mitre.org/APT29/

Participants:
Bitdefender, CrowdStrike, Cybereason,
CyCraft, Blackberry Cylance, Elastic,
F-Secure, FireEye, GoSecure,
HanSight, Kaspersky, Malwarebytes,
McAfee, Microsoft, Palo Alto Networks,
ReaQta, Secureworks, SentinelOne,
Symantec, Trend Micro, VMware Carbon Black

Scenario Overview:

Two scenarios emulate publicly reported APT29/Cozy Bear/The Dukes/YTTRIUM tradecraft and operational flows. The first scenario (executed with Pupy, Meterpreter, and custom tooling) begins with the execution of a payload delivered by a widespread "spray and pray" spearphishing campaign, followed by a rapid "smash and grab" collection and exfiltration of specific file types. After completing the initial data theft, the value of the target is realized, and the adversary drops a secondary, stealthier toolkit used to further explore and compromise the target network.

The second scenario (executed with PoshC2 and custom tooling) focuses on a very targeted and methodical breach, beginning with the execution of a specially crafted payload designed to scrutinize the target environment before executing. The scenario continues through a low and slow takeover of the initial target and eventually the entire domain. Both scenarios include executing previously established persistence mechanisms after a simulated time lapse to further the scope of the breach.

Detection Categories:
kk50.PNG

Environment:
kk51.PNG

Technique Scope:


Every Participant has following evaluation results.
All Results
kk52.png

Matrix
kk53.png
kk55.png

Configuration
kk54.png


MITRE does not assign scores, rankings, or ratings. So we get these summary from the participants' websites.
https://www.fireeye.com/blog/products-and-services/2020/04/mitre-evaluation-demonstrates-endpoint-security-managed-defense-detection-leadership.html
kk60.png
kk61.png
https://blog.paloaltonetworks.com/2020/04/cortex-mitre/
kk62.png
https://www.cycarrier.com/press_20200422.html
kk56.jpg
kk57.jpg
kk58.jpg
kk59.jpg
wangyuhe
发表于 2020-4-25 17:27:21 | 显示全部楼层
本帖最后由 wangyuhe 于 2020-4-25 17:28 编辑

奥义科技,一家从未听过的看起来却很叼的台湾公司
feiren
发表于 2020-4-25 20:31:53 | 显示全部楼层
他们网站说这个APT29是毛子ZF支持的?
K560987
发表于 2020-4-28 09:54:36 | 显示全部楼层
这个是业内公认最透明的杀软评测。但却没多大实际意义,完全是评测杀软能否记录威胁的各种信息而非阻止威胁而且还有个重大缺陷——官方不予公布或解读排名和数据。这使得每家厂商都用对自己有利的算法解读数据,几乎所有解读都是自己位列第一
zwl2828
发表于 2020-5-9 06:53:49 | 显示全部楼层
对于竞赛结果有一条值得注意:

MITRE does not assign scores, rankings, or ratings. The evaluation results are available to the public, so other organizations may provide their own analysis and interpretation


想要了解如何读懂竞赛结果,可参考:https://medium.com/mitre-attack/ ... leased-cd30b3686ad9
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 湘ICP备2021004765号-1 ) GMT+8, 2021-4-19 07:50 , Processed in 0.127836 second(s), 19 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表