🇮🇷
Scarred Manticore
APT Group
Information theft and espionage
5 zero-day CVEs
ETDA ✓
Also Known As
No alias recorded
Target Countries 2
Israel
South Africa
Sectors Targeted
Details
Origin
🇮🇷 IR
Last Updated
08 Nov 2023
MITRE ATT&CK 117
T1001 - Data Obfuscation
T1003
T1003.001
T1003.004
T1003.005
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1021.001 - Remote Desktop Protocol
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1027.003
T1027.004
T1027.010
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.005
T1041 - Exfiltration Over C2 Channel
T1047
T1049
T1053 - Scheduled Task/Job
T1053.005
T1055 - Process Injection
T1056 - Input Capture
T1057
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003
T1059.005 - Visual Basic
T1059.006 - Python
T1059.007 - JavaScript
T1070 - Indicator Removal on Host
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1074
T1074.001
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087
T1087.002
T1090 - Proxy
T1090.002
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1102.002
T1104
T1105 - Ingress Tool Transfer
T1106 - Native API
T1112 - Modify Registry
T1113
T1132 - Data Encoding
T1132.001 - Standard Encoding
T1133 - External Remote Services
T1137
T1137.001
T1140 - Deobfuscate/Decode Files or Information
T1176 - Browser Extensions
T1190 - Exploit Public-Facing Application
T1195 - Supply Chain Compromise
T1199 - Trusted Relationship
T1203
T1204 - User Execution
T1204.001
T1204.002 - Malicious File
T1210
T1213 - Data from Information Repositories
T1218 - Signed Binary Proxy Execution
T1218.003
T1218.005
T1218.011
T1219 - Remote Access Software
T1490
T1518
T1518.001
T1547
T1547.001 - Registry Run Keys / Startup Folder
T1548
T1548.002
T1552 - Unsecured Credentials
T1552.001
T1553.002 - Code Signing
T1555
T1555.003
T1559
T1559.001
T1559.002
T1560
T1560.001
T1562 - Impair Defenses
T1562.001
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002
T1567.002 - Exfiltration to Cloud Storage
T1568 - Dynamic Resolution
T1569 - System Services
T1569.002 - Service Execution
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1573.001 - Symmetric Cryptography
T1574
T1574.001
T1574.002 - DLL Side-Loading
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.004 - Server
T1583.006
T1584 - Compromise Infrastructure
T1584.004 - Server
T1587 - Develop Capabilities
T1588 - Obtain Capabilities
T1588.001 - Malware
T1588.002 - Tool
T1591 - Gather Victim Org Information
T1592 - Gather Victim Host Information
T1595 - Active Scanning
T1608 - Stage Capabilities