
Also Known As
TA505 | Graceful Spider | Gold Evergreen | TEMP.Warlock | ATK 103 | SectorJ04 | Hive0065 | Chimborazo
Origin
Russia
Target Countries
Argentina | Australia | Austria | Belgium | Brazil | Canada | Chile | Colombia | Congo | Europe | France | Germany | Ghana | Hungary | India | Indonesia | Italy | Japan | Latvia | Malaysia | Mexico | Middle East North Africa (MENA) | Myanmar | Netherlands | Poland | Portugal | Russian Federation | Singapore | South Africa | South Korea | South East Asia | Spain | Taiwan | United Kingdom | United States | Vietnam | Western Europe
Targeted Verticals
Education
Critical Infrastructure
Financial Services
Government | Military
Telecommunications
MITRE TTPs
Account Discovery: Email Account
Application Layer Protocol: Web Protocols
Command and Scripting Interpreter: PowerShell
Command and Scripting Interpreter: Visual Basic
Command and Scripting Interpreter: JavaScript/JScript
Command and Scripting Interpreter: Windows Command Shell
Credentials from Password Stores: Credentials from Web Browsers
Dynamic Resolution: Fast Flux DNS
Inter-Process Communication: Dynamic Data Exchange
Obfuscated Files or Information
Phishing: Spearphishing Attachment
Process Injection: Dynamic-link Library Injection
Signed Binary Proxy Execution: Msiexec
Signed Binary Proxy Execution: Rundll32
Subvert Trust Controls: Code Signing
Unsecured Credentials: Credentials In Files
User Execution: Malicious File