DISARMframeworks/generated_pages/counters/C00182.md

# Counter C00182: Redirection / malware detection/ remediation

* **Summary**: Detect redirction or malware, then quarantine or delete.  Example: (2015) Trustwave reported that a Bedep Trojan malware kit had begun infecting machines and forcing them to browse certain sites, artificially inflating traffic to a set of pro-Russia

* **Playbooks**: 

* **Metatechnique**: M005 - removal

* **Resources needed:** 

* **Belongs to tactic stage**: TA09


| Actor types | Sectors |
| ----------- | ------- |
| [A027 information security](../generated_pages/actortypes/A027.md) | S008 |


| Counters these Tactics |
| ---------------------- |


| Counters these Techniques |
| ------------------------- |
| [T0011 Compromise legitimate account](../generated_pages/techniques/T0011.md) |
| [T0054 Twitter bots amplify](../generated_pages/techniques/T0054.md) |


| Seen in incidents |
| ----------------- |


DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW
Copy AMITT repository, clean up and rebrand Took a copy of the current AMITT github repository - we'll be updating this and merging the SPICE branch back in Rebranded to DISARM Moved generated pages to their own folder, to make looking at the repository less confusing 2022-01-29 16:34:46 +00:00			`# Counter C00182: Redirection / malware detection/ remediation`

			`* Summary: Detect redirction or malware, then quarantine or delete. Example: (2015) Trustwave reported that a Bedep Trojan malware kit had begun infecting machines and forcing them to browse certain sites, artificially inflating traffic to a set of pro-Russia`

			`* Playbooks:`

			`* Metatechnique: M005 - removal`

			`* Resources needed:`

			`* Belongs to tactic stage: TA09`


			`\| Actor types \| Sectors \|`
			`\| ----------- \| ------- \|`
			`\| [A027 information security](../generated_pages/actortypes/A027.md) \| S008 \|`



			`\| Counters these Tactics \|`
			`\| ---------------------- \|`



			`\| Counters these Techniques \|`
			`\| ------------------------- \|`
framework and page updates Framework updates: - TA08 added text "Used for preparation before broader release, and as message honing." - TA10 change name from "Go Physical" to "Drive Offline Activity" - T0004 change name from "Competing Narratives" to "Devise Competing Narratives" - T0005 convert into a tactic stage, TA13. Change name from "Center of Gravity Analysis" to "Conduct Center of Gravity Analysis" - T0006 rename from "Create Master Narratives" to "Develop Narrative Concepts". nb narratology: can't create master narratives - can only latch onto them - T0011 change name from "Hijack legitimate account" to "Compromise legitimate account" - T0065. Create new technique "use physical broadcast capabilities" under TA04 - T0014. Rename from "Create funding campaigns" to "Prepare fundraising campaigns". Exited text to reflect that this new name allows the possibility of either creating a new one, or revitalizing an existing one. - T0015 rename from "Create hashtag" to "Create hashtags". Change text to mention hashtag groups. - T0017 rename from "Promote online funding" to "Conduct Fundraising Campaigns" - T0018 rename from "Paid targeted ads" to "Purchase advertisements" - T0026 rename from "Create fake research" to "create pseudoscientific or disingenuous research" Page and file updates: - Added MITRE, FIU, and SPICE to DISARM's history - reran github page generator - reran sqlite generator 2022-02-02 15:57:17 +00:00			`\| [T0011 Compromise legitimate account](../generated_pages/techniques/T0011.md) \|`
Copy AMITT repository, clean up and rebrand Took a copy of the current AMITT github repository - we'll be updating this and merging the SPICE branch back in Rebranded to DISARM Moved generated pages to their own folder, to make looking at the repository less confusing 2022-01-29 16:34:46 +00:00			`\| [T0054 Twitter bots amplify](../generated_pages/techniques/T0054.md) \|`



			`\| Seen in incidents \|`
			`\| ----------------- \|`


			`DO NOT EDIT ABOVE THIS LINE - PLEASE ADD NOTES BELOW`