🇵🇸
Desert Falcons
APT Group
Information theft and espionage
ETDA ✓
Also Known As 6 names
AridViper
APT-C-23
Arid Viper
Bearded Barbie
Desert Falcon
Two-tailed Scorpion
Target Countries 50
United Arab Emirates
Albania
Australia
Bosnia and Herzegovina
Belgium
Bahrain
Canada
Switzerland
China
Cyprus
Germany
Denmark
Algeria
Egypt
France
Greece
Hungary
Indonesia
Israel
India
Iraq
Islamic Republic of Iran
Italy
Jordan
Japan
Republic of Korea
Kuwait
Lebanon
Libya
Morocco
Mali
Mauritania
Mexico
Netherlands
Norway
Pakistan
Palestine
Portugal
Qatar
Romania
Saudi Arabia
Sudan
Sweden
Turkey
Province of China Taiwan
Ukraine
United States
Uzbekistan
Yemen
Zimbabwe
Sectors Targeted
Public Administration (NAICS 92)
Data Processing, Hosting, and Related Services (NAICS 518)
National Security and International Affairs (NAICS 928)
Commercial Banking (NAICS 52211)
Space Research and Technology (NAICS 927)
Military
High-Tech
NGOs
Finance and Insurance (NAICS 52)
NAICS:44
Information (NAICS 51)
Computer Systems Design Services (NAICS 541512)
Data Processing, Hosting, and Related Services (NAICS 51821)
NAICS:48
Utilities (NAICS 22)
Grantmaking and Giving Services (NAICS 8132)
Oil and Gas Extraction (NAICS 211)
Professional, Scientific, and Technical Services (NAICS 54)
Government
Educational Services (NAICS 61)
Finance
Telecommunications (NAICS 517)
Energy
Software Publishers (NAICS 5112)
Justice, Public Order, and Safety Activities (NAICS 922)
Critical infrastructure
Insurance Carriers and Related Activities (NAICS 524)
Health Care and Social Assistance (NAICS 62)
Publishing Industries (except Internet) (NAICS 511)
Civic and Social Organizations (NAICS 8134)
Computer Systems Design and Related Services (NAICS 54151)
Computer Systems Design and Related Services (NAICS 5415)
Computer and Electronic Product Manufacturing (NAICS 334)
Civil Society
Education
Media
Religious, Grantmaking, Civic, Professional, and Similar Organizations (NAICS 813)
Internet Publishing and Broadcasting and Web Search Portals (NAICS 51913)
Telecoms
Legal
Transportation
Defense
Details
Origin
🇵🇸 PS
Last Updated
11 May 2024
Malware Families 1
kasperagent
MITRE ATT&CK 39
T1001 - Data Obfuscation
T1005 - Data from Local System
T1007 - System Service Discovery
T1016 - System Network Configuration Discovery
T1027 - Obfuscated Files or Information
T1033 - System Owner/User Discovery
T1038 - DLL Search Order Hijacking
T1053 - Scheduled Task/Job
T1053.001 - At (Linux)
T1053.002 - At (Windows)
T1053.003 - Cron
T1053.005 - Scheduled Task
T1053.006 - Systemd Timers
T1053.007 - Container Orchestration Job
T1055.001 - Dynamic-link Library Injection
T1055.002 - Portable Executable Injection
T1055.003 - Thread Execution Hijacking
T1055.004 - Asynchronous Procedure Call
T1055.008 - Ptrace System Calls
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1071.001 - Web Protocols
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1095 - Non-Application Layer Protocol
T1105
T1140 - Deobfuscate/Decode Files or Information
T1204 - User Execution
T1204.002 - Malicious File
T1218 - Signed Binary Proxy Execution
T1218.011 - Rundll32
T1490 - Inhibit System Recovery
T1498 - Network Denial of Service
T1547.001 - Registry Run Keys / Startup Folder
T1553 - Subvert Trust Controls
T1562.001 - Disable or Modify Tools
T1566 - Phishing
T1566.001