WHEATSCAN

Description

(FireEye) After gaining initial access, the operators conduct credential harvesting and extensive internal network reconnaissance. This includes running native Windows commands on compromised servers, executing AdFind on the Active Directory, and scanning the internal network with numerous publicly available tools and a non-public scanner we named WHEATSCAN. The operators made a consistent effort to delete these tools and remove any residual forensic artifacts from compromised systems.

Names

Name
WHEATSCAN

Type

Vulnerability scanner

Information

https://www.fireeye.com/blog/threat-research/2021/08/unc215-chinese-espionage-campaign-in-israel.html

Other Information

Uuid

84f91da3-6425-433b-bdbf-ff37b64b8335

Last Card Change

2021-11-01

Threat Intelligence Garden

Explorer

WHEATSCAN

WHEATSCAN

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks