GOLD PRELUDE (🇷🇺 RU)
Type: APT Group
Zero-day CVEs: 2
ETDA: ✓
Also Known As (2 names): TA569, UNC1543
Target Countries (18):
Austria
Australia
Canada
Switzerland
Germany
Denmark
Spain
France
United Kingdom
Ireland
India
Italy
Luxembourg
Philippines
Poland
Russian Federation
Sweden
United States
Sectors Targeted (sector name with NAICS code):
Construction (NAICS 23)
Computer Systems Design and Related Services (NAICS 54151)
Space Research and Technology (NAICS 927)
Educational Services (NAICS 61)
Telecommunications (NAICS 517)
Transportation and Warehousing (NAICS 48)
Retail Trade (NAICS 44)
Oil and Gas Extraction (NAICS 211)
Professional, Scientific, and Technical Services (NAICS 54)
Accommodation and Food Services (NAICS 72)
Manufacturing (NAICS 31)
Public Administration (NAICS 92)
Computer Systems Design and Related Services (NAICS 5415)
Chemical Manufacturing (NAICS 325)
Offices of Lawyers (NAICS 541110)
Insurance Carriers and Related Activities (NAICS 524)
Utilities (NAICS 22)
Agriculture, Forestry, Fishing and Hunting (NAICS 11)
Commercial Banking (NAICS 52211)
Computer Systems Design Services (NAICS 541512)
National Security and International Affairs (NAICS 928)
Software Publishers (NAICS 5112)
Finance and Insurance (NAICS 52)
Health Care and Social Assistance (NAICS 62)
Arts, Entertainment, and Recreation (NAICS 71)
Internet Publishing and Broadcasting and Web Search Portals (NAICS 51913)
Details
Origin: 🇷🇺 RU
Last Updated: 19 Nov 2022
Malware Families (3): houdini, fakeupdateru, H-worm

MITRE ATT&CK (76 techniques):
T1021 - Remote Services
T1021.001 - Remote Desktop Protocol
T1027 - Obfuscated Files or Information
T1036 - Masquerading
T1036.005 - Match Legitimate Name or Location
T1041 - Exfiltration Over C2 Channel
T1047 - Windows Management Instrumentation
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.007 - JavaScript
T1060 - Registry Run Keys / Startup Folder
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1074 - Data Staged
T1078 - Valid Accounts
T1082 - System Information Discovery
T1090 - Proxy
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1112 - Modify Registry
T1113 - Screen Capture
T1119 - Automated Collection
T1129 - Shared Modules
T1132 - Data Encoding
T1133 - External Remote Services
T1140 - Deobfuscate/Decode Files or Information
T1176 - Browser Extensions
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1192 - Spearphishing Link
T1199 - Trusted Relationship
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1210 - Exploitation of Remote Services
T1218 - Signed Binary Proxy Execution
T1219 - Remote Access Software
T1497 - Virtualization/Sandbox Evasion
T1498 - Network Denial of Service
T1518 - Software Discovery
T1518.001 - Security Software Discovery
T1546 - Event Triggered Execution
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1550 - Use Alternate Authentication Material
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1559 - Inter-Process Communication
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1568 - Dynamic Resolution
T1568.002 - Domain Generation Algorithms
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1574.001 - DLL Search Order Hijacking
T1574.002 - DLL Side-Loading
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.004 - Server
T1583.005 - Botnet
T1583.008 - Malvertising
T1584 - Compromise Infrastructure
T1584.001 - Domains
T1595 - Active Scanning
T1598 - Phishing for Information
T1608 - Stage Capabilities
T1608.001 - Upload Malware
T1608.004 - Drive-by Target
T1608.006 - SEO Poisoning