PittyTiger is a threat group believed to operate out of China that uses multiple different types of malware to maintain command and control.
Disclaimer: We present this mapping to stimulate thinking about active defense options to combat this adversary, not to present all possibilities. We invite you to use this as a guide and add your own use cases for applying Shield techniques to counter each adversary action.
Note: All ATT&CK Group sub-technique mappings have been remapped to their parent technique and were derived from Group Technique mappings in ATT&CK v8.
| ATT&CK Technique | Opportunity Space | AD Technique | Use Case |
|---|---|---|---|
| T1078 - Valid Accounts | There is an opportunity to introduce user accounts that are used to make a system look more realistic. | DTE0010 - Decoy Account | A defender can create decoy user accounts which are used to make a decoy system or network look more realistic. |
| T1078 - Valid Accounts | There is an opportunity to deploy a tripwire that triggers an alert when an adversary touches a network resource or uses a specific technique. | DTE0012 - Decoy Credentials | A defender can seed systems with decoy credentials in a variety of locations and establish alerting that will trigger if an adversary harvests the credentials and attempts to use them. |
| T1078 - Valid Accounts | There is an opportunity to prepare user accounts so they look used and authentic. | DTE0008 - Burn-In | A defender can prepare a Decoy System by logging in to the Decoy Account and using it in ways consistent with the deception story, creating artifacts in the system that make it look legitimate. |
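The DTE0012 tripwire described in the Decoy Credentials row, as an added example that is not part of the MITRE Shield page: a small detector that raises an alert whenever a seeded decoy account name appears in a logon event, whether the attempt succeeded or failed. The decoy account names, their planting locations, and the JSON-lines rendering of Windows logon events (4624/4625) are constructed assumptions for the example.

```python
"""Decoy-credential tripwire (DTE0012). Example code added for illustration;
the decoy inventory and log lines below are constructed, not real telemetry."""
import json

# Constructed inventory of decoy accounts, keyed to where each lure was planted
# so an alert tells the analyst which seeded credential the adversary found.
DECOY_ACCOUNTS = {
    "svc_backup_old": "browser-saved password on decoy workstation",
    "adm_legacy": "plaintext note on decoy file share",
}

# Windows Security event IDs for logon outcomes we want to watch.
LOGON_EVENTS = {4624: "successful logon", 4625: "failed logon"}

# Constructed sample events in a simplified JSON-lines form.
SAMPLE_LOG = """\
{"EventID": 4624, "TargetUserName": "alice", "IpAddress": "10.0.0.15", "LogonType": 2}
{"EventID": 4625, "TargetUserName": "svc_backup_old", "IpAddress": "10.0.0.99", "LogonType": 3}
{"EventID": 4624, "TargetUserName": "ADM_LEGACY", "IpAddress": "10.0.0.99", "LogonType": 10}
{"EventID": 4634, "TargetUserName": "alice", "IpAddress": "-", "LogonType": 2}
"""


def decoy_alerts(log_text, decoys=DECOY_ACCOUNTS):
    """Return one alert per logon event that names a decoy account.

    No legitimate user or service should ever authenticate with a decoy
    credential, so both failures and successes are alert-worthy; a success
    additionally means the adversary obtained the full secret, not just the name.
    """
    lures = {name.lower(): where for name, where in decoys.items()}
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        outcome = LOGON_EVENTS.get(event.get("EventID"))
        user = str(event.get("TargetUserName", "")).lower()  # usernames are case-insensitive
        if outcome is None or user not in lures:
            continue
        alerts.append({"user": user, "outcome": outcome,
                       "source_ip": event.get("IpAddress"),
                       "logon_type": event.get("LogonType"),
                       "lure": lures[user]})
    return alerts


if __name__ == "__main__":
    for a in decoy_alerts(SAMPLE_LOG):
        print(f"DECOY TRIPWIRE: {a['outcome']} as {a['user']} from "
              f"{a['source_ip']} (logon type {a['logon_type']}; lure: {a['lure']})")
```

In a real deployment the same match would run in the SIEM over forwarded 4624/4625 events, and the source address plus the lure location tell the responder which decoy system was touched and how the credential was harvested.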