🇷🇺
UNC4393
APT Group
1 zero-day CVE
Also Known As 4 names
CURLY SPIDER
Cardinal
STAC5777
Storm-1811
Target Countries 5
Australia
Canada
United Kingdom
Mexico
United States
Sectors Targeted
51821 - Data Processing, Hosting, and Related Services
23 - Construction
44 - NAICS:44
54151 - Computer Systems Design and Related Services
541110 - Offices of Lawyers
518 - Data Processing, Hosting, and Related Services
31 - NAICS:31
5415 - Computer Systems Design and Related Services
5411 - Legal Services
62 - Health Care and Social Assistance
6214 - Outpatient Care Centers
541512 - Computer Systems Design Services
52 - Finance and Insurance
54172 - Research and Development in the Social Sciences and Humanities
52213 - Credit Unions
524 - Insurance Carriers and Related Activities
81 - Other Services (except Public Administration)
32562 - Toilet Preparation Manufacturing
5416 - Management, Scientific, and Technical Consulting Services
54 - Professional, Scientific, and Technical Services
Details
Origin
🇷🇺 RU
Last Updated
05 Jan 2026
Malware Families 6
win.gotohttp
TRICKBOT
corona
bashlite
hakai
QAKBOT
MITRE ATT&CK 73
T1021 - Remote Services
T1021.002
T1021.004
T1027
T1027.013
T1033
T1036
T1036.005
T1036.010
T1047 - Windows Management Instrumentation
T1048
T1048.002
T1055 - Process Injection
T1056 - Input Capture
T1059 - Command and Scripting Interpreter
T1059.001
T1059.003
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1074
T1074.001
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087
T1087.002
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1105
T1110 - Brute Force
T1127 - Trusted Developer Utilities Proxy Execution
T1133 - External Remote Services
T1140 - Deobfuscate/Decode Files or Information
T1176 - Browser Extensions
T1190 - Exploit Public-Facing Application
T1204 - User Execution
T1204.002
T1218 - Signed Binary Proxy Execution
T1219
T1219.002
T1222
T1222.001
T1482
T1486 - Data Encrypted for Impact
T1490 - Inhibit System Recovery
T1498 - Network Denial of Service
T1543 - Create or Modify System Process
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1547.001
T1553 - Subvert Trust Controls
T1560 - Archive Collected Data
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1566 - Phishing
T1566.002
T1566.003
T1566.004
T1568 - Dynamic Resolution
T1570
T1574
T1574.001
T1583
T1583.001
T1585
T1585.003
T1588
T1588.002
T1656
T1667
T1684
T1684.001