• Mar 23, 2021
    • 1 min read

Adversary | APT39

Updated: Apr 3, 2021


Also Known As

Chafer | Remix Kitten | Cobalt Hickman







Origin

Iran


Target Countries

Australia | Egypt | Iraq | Israel | Jordan | Kuwait | Norway | Qatar | Saudi Arabia | South Korea | Turkey | United Arab Emirates


Targeted Verticals

Critical Infrastructure

Government | Military

Telecommunications

Retail | Commercial


MITRE TTPs

Application Layer Protocol: DNS

Application Layer Protocol: Web Protocols

Archive Collected Data: Archive via Utility

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Boot or Logon Autostart Execution: Shortcut Modification

Brute Force

Clipboard Data

Command and Scripting Interpreter

PowerShell

Python

Create Account: Local Account

Credentials from Password Stores

Data from Local System

Exploit Public-Facing Application

Ingress Tool Transfer

Input Capture: Keylogging

Masquerading: Match Legitimate Name or Location

Network Service Scanning

Network Share Discovery

Obfuscated Files or Information: Software Packing

OS Credential Dumping

LSASS Memory

Phishing: Spearphishing Attachment

Phishing: Spearphishing Link

Proxy: Internal Proxy

Proxy: External Proxy

Remote Services: Remote Desktop Protocol

Remote Services: SSH

Remote Services: SMB/Windows Admin Shares

Remote System Discovery

Scheduled Task/Job: Scheduled Task

Screen Capture

Server Software Component: Web Shell

System Owner/User Discovery

System Services: Service Execution

User Execution: Malicious File

User Execution: Malicious Link

Valid Accounts

Web Service: Bidirectional Communication

Tags:

16 views

Related Posts

See All