0apt

0 tracked victims

Group profile

The group appears unreliable. Most, if not all, of its alleged victims cannot be verified and appear to be randomly selected organizations. WE HAVE DECIDED TO REMOVE ENTRIES FOR THIS GROUP

MITRE ATT&CK TTPs

TA0001

Initial Access

T1078Valid Accounts
T1133External Remote Services
T1566Phishing
T1566.001Phishing: Spearphishing Attachment

TA0002

Execution

T1047Windows Management Instrumentation
T1059.001Command and Scripting Interpreter: PowerShell
T1204.002User Execution: Malicious File

TA0003

Persistence

T1053.005Scheduled Task/Job: Scheduled Task
T1547.001Boot or Logon Autostart Execution: Registry Run Keys

TA0005

Defense Evasion

T1014Rootkit
T1027Obfuscated Files or Information
T1036Masquerading
T1055Process Injection
T1070Indicator Removal
T1140Deobfuscate/Decode Files or Information
T1562.001Impair Defenses: Disable or Modify Tools
T1564Hidden Artifacts
T1622Debugger Evasion
T1672Email Spoofing
T1678Delay Execution

TA0006

Credential Access

T1003OS Credential Dumping
T1003.001OS Credential Dumping: LSASS Memory
T1555Credentials from Password Stores

TA0007

Discovery

T1082System Information Discovery
T1083File and Directory Discovery
T1135Network Share Discovery
T1526Cloud Service Discovery

TA0008

Lateral Movement

T1021.001Remote Services: Remote Desktop Protocol
T1021.002Remote Services: SMB/Windows Admin Shares
T1570Lateral Tool Transfer

TA0009

Collection

T1005Data from Local System
T1039Data from Network Shared Drive
T1056Input Capture
T1119Automated Collection
T1560Archive Collected Data

TA0010

Exfiltration

T1041Exfiltration Over C2 Channel
T1567Exfiltration Over Web Service

TA0011

Command and Control

T1071.001Application Layer Protocol: Web Protocols
T1573Encrypted Channel

TA0040

Impact

T1485Data Destruction
T1486Data Encrypted for Impact
T1489Service Stop
T1490Inhibit System Recovery

Recent victims

No victims tracked yet.