🇰🇿
YoroTrooper
APT Group
Information theft and espionage
3 zero-day CVEs
ETDA ✓
Also Known As (7 names)
Cavalry Werewolf
Comrade Saiga
Salted Earth
ShadowSilk
Silent Lynx
Sturgeon Fisher
SturgeonPhisher
Target Countries (35)
Armenia
Argentina
Australia
Azerbaijan
Brazil
Belarus
Canada
Switzerland
China
Colombia
Germany
Dominican Republic
Spain
Finland
Croatia
India
Japan
Kyrgyzstan
Kazakhstan
Republic of Moldova
Myanmar
Malta
Mexico
Nigeria
Netherlands
Philippines
Pakistan
Portugal
Romania
Russian Federation
Tajikistan
Turkmenistan
Turkey
United States
Uzbekistan
Sectors Targeted
Energy
Financial
Government
Details
Origin
🇰🇿 KZ
Last Updated
08 Nov 2023
MITRE ATT&CK (43 techniques)
T1007 - System Service Discovery
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1027 - Obfuscated Files or Information
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1041 - Exfiltration Over C2 Channel
T1046 - Network Service Scanning
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1056 - Input Capture
T1056.001 - Keylogging
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1095 - Non-Application Layer Protocol
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1106 - Native API
T1127 - Trusted Developer Utilities Proxy Execution
T1134 - Access Token Manipulation
T1176 - Browser Extensions
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1552 - Unsecured Credentials
T1552.001 - Credentials In Files
T1560 - Archive Collected Data
T1560.001 - Archive via Utility
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration to Cloud Storage
T1589 - Gather Victim Identity Information
T1589.002 - Email Addresses