🇵🇰
Operation C-Major
APT Group
Information theft and espionage
5 zero-day CVEs
ETDA ✓
Also Known As 11 names
APT 36
APT36
C-Major
COPPER FIELDSTONE
Earth Karkaddan
Green Havildar
Mythic Leopard
ProjectM
Storm-0156
TMP.Lapis
Transparent Tribe
Target Countries 29
Afghanistan
Austria
Australia
Azerbaijan
Belgium
Bulgaria
Botswana
Canada
China
Germany
Spain
India
Iraq
Islamic Republic of Iran
Japan
Kenya
Kazakhstan
Mongolia
Malaysia
Netherlands
Nepal
Oman
Pakistan
Romania
Saudi Arabia
Sweden
Thailand
Turkey
United States
Sectors Targeted
Motion Picture and Video Production (NAICS 51211)
Advertising Agencies (NAICS 54181)
Human Resources Consulting Services (NAICS 541612)
National Security and International Affairs (NAICS 928110)
All Other Information Services (NAICS 51919)
Commercial Banking (NAICS 52211)
Graphic Design Services (NAICS 54143)
Government
Education
Computer Systems Design Services (NAICS 541512)
Elementary and Secondary Schools (NAICS 6111)
Embassies
Defense
Data Processing, Hosting, and Related Services (NAICS 51821)
Offices of Lawyers (NAICS 541110)
Details
Origin
🇵🇰 PK
Last Updated
17 Jun 2025
Malware Families 12
beendoor
DARKCOMET
Vantom
houdini
stealthmango
bozok
luminosity_rat
H-worm
breach_rat
bezigate
dubrute
adwind
MITRE ATT&CK 175
T1001 - Data Obfuscation
T1001.001 - Junk Data
T1003 - OS Credential Dumping
T1003.001 - LSASS Memory
T1005 - Data from Local System
T1007 - System Service Discovery
T1010 - Application Window Discovery
T1011 - Exfiltration Over Other Network Medium
T1011.001 - Exfiltration Over Bluetooth
T1012 - Query Registry
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1021 - Remote Services
T1025 - Data from Removable Media
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1027.013 - Encrypted/Encoded File
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.005 - Match Legitimate Name or Location
T1037 - Boot or Logon Initialization Scripts
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1046 - Network Service Discovery
T1047 - Windows Management Instrumentation
T1048 - Exfiltration Over Alternative Protocol
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.003 - Cron
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.004 - Unix Shell
T1059.005 - Visual Basic
T1059.007 - JavaScript
T1064 - Scripting
T1070 - Indicator Removal on Host
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1074 - Data Staged
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1112 - Modify Registry
T1113 - Screen Capture
T1114 - Email Collection
T1115 - Clipboard Data
T1119 - Automated Collection
T1123 - Audio Capture
T1124 - System Time Discovery
T1125 - Video Capture
T1127 - Trusted Developer Utilities Proxy Execution
T1129 - Shared Modules
T1132 - Data Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1134.001 - Token Impersonation/Theft
T1137 - Office Application Startup
T1140 - Deobfuscate/Decode Files or Information
T1185 - Man in the Browser
T1187 - Forced Authentication
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1195 - Supply Chain Compromise
T1199 - Trusted Relationship
T1202 - Indirect Command Execution
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1218 - Signed Binary Proxy Execution
T1218.005 - Mshta
T1218.010 - Regsvr32
T1219 - Remote Access Software
T1222 - File and Directory Permissions Modification
T1398 - Boot or Logon Initialization Scripts (Mobile)
T1409 - Access Stored Application Data
T1420 - File and Directory Discovery (Mobile)
T1422 - System Network Configuration Discovery (Mobile)
T1424 - Process Discovery (Mobile)
T1426 - System Information Discovery (Mobile)
T1429 - Audio Capture (Mobile)
T1430 - Location Tracking
T1485 - Data Destruction
T1486 - Data Encrypted for Impact
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1497.001 - System Checks
T1497.002 - User Activity Based Checks
T1498 - Network Denial of Service
T1509 - Non-Standard Port (Mobile)
T1512 - Video Capture (Mobile)
T1513 - Screen Capture (Mobile)
T1517 - Access Notifications (Mobile)
T1518 - Software Discovery
T1518.001 - Security Software Discovery
T1529 - System Shutdown/Reboot
T1530 - Data from Cloud Storage Object
T1531 - Account Access Removal
T1533 - Data from Local System (Mobile)
T1539 - Steal Web Session Cookie
T1542 - Pre-OS Boot
T1542.003 - Bootkit
T1543 - Create or Modify System Process
T1543.002 - Systemd Service
T1543.003 - Windows Service
T1546 - Event Triggered Execution
T1546.004 - Unix Shell Configuration Modification
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1547.009 - Shortcut Modification
T1547.013 - XDG Autostart Entries
T1548 - Abuse Elevation Control Mechanism
T1548.002 - Bypass User Account Control
T1550 - Use Alternate Authentication Material
T1552 - Unsecured Credentials
T1553 - Subvert Trust Controls
T1555 - Credentials from Password Stores
T1557 - Man-in-the-Middle
T1559 - Inter-Process Communication
T1560 - Archive Collected Data
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1564 - Hide Artifacts
T1564.001 - Hidden Files and Directories
T1564.003 - Hidden Window
T1565.001 - Stored Data Manipulation
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1568 - Dynamic Resolution
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1574.002 - DLL Side-Loading
T1582 - SMS Control (Mobile)
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.006 - Web Services
T1584 - Compromise Infrastructure
T1584.001 - Domains
T1587 - Develop Capabilities
T1587.001 - Malware
T1587.003 - Digital Certificates
T1588 - Obtain Capabilities
T1588.001 - Malware
T1588.002 - Tool
T1589 - Gather Victim Identity Information
T1590 - Gather Victim Network Information
T1592 - Gather Victim Host Information
T1592.002 - Software
T1592.003 - Firmware
T1592.004 - Client Configurations
T1598 - Phishing for Information
T1598.003 - Spearphishing Link
T1608 - Stage Capabilities
T1608.001 - Upload Malware
T1608.004 - Drive-by Target
T1608.005 - Link Target
T1614 - System Location Discovery