🇮🇷
MAGNALLIUM
APT Group
Sabotage and destruction
Information theft and espionage
9 zero-day CVEs
ETDA ✓
Also Known As 10 names
APT 33
APT33
ATK35
COBALT TRINITY
Elfin
G0064
HOLMIUM
Peach Sandstorm
Refined Kitten
TA451
Target Countries 8
Countries highlighted in red
Egypt
United Kingdom
Israel
Iraq
Islamic Republic of Iran
Republic of Korea
Saudi Arabia
United States
Sectors Targeted
Healthcare
High-Tech
Scientific Research and Development Services
5417
Computer Systems Design and Related Services
54151
Telecommunications
Aviation
Education
Defense
Government
Financial
Data Processing, Hosting, and Related Services
51821
Petrochemical
Energy
Manufacturing
others
Media
Oil and gas
Details
Origin
🇮🇷 IR
Last Updated
01 Jul 2025
Malware Families 5
NETWIRE
DARKCOMET
zhmimikatz
powerband
filerase
MITRE ATT&CK 144
T1001
T1003
T1003.001
T1003.003 - NTDS
T1003.004
T1003.005
T1005
T1007
T1008
T1011
T1012
T1016
T1018
T1021 - Remote Services
T1021.002 - SMB/Windows Admin Shares
T1021.004 - SSH
T1027 - Obfuscated Files or Information
T1027.013
T1030
T1033
T1036 - Masquerading
T1040
T1041
T1046 - Network Service Scanning
T1047
T1048
T1048.003
T1049
T1053
T1053.003 - Cron
T1053.005
T1055 - Process Injection
T1056
T1057
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.005
T1060
T1064
T1068
T1070 - Indicator Removal on Host
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1078 - Valid Accounts
T1078.004 - Cloud Accounts
T1081
T1082
T1083
T1084
T1085
T1087
T1090
T1090.001 - Internal Proxy
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1102.003 - One-Way Communication
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1106
T1110 - Brute Force
T1110.003 - Password Spraying
T1112
T1113
T1114
T1114.001
T1115
T1119
T1120
T1123
T1124
T1125 - Video Capture
T1127
T1129
T1130
T1132
T1132.001
T1133
T1136
T1137
T1140 - Deobfuscate/Decode Files or Information
T1170
T1176 - Browser Extensions
T1187 - Forced Authentication
T1189 - Drive-by Compromise
T1190
T1192 - Spearphishing Link
T1195 - Supply Chain Compromise
T1199 - Trusted Relationship
T1203
T1204 - User Execution
T1204.001
T1204.002
T1217
T1218 - Signed Binary Proxy Execution
T1221
T1485
T1486
T1489
T1490 - Inhibit System Recovery
T1497
T1497.003
T1498 - Network Denial of Service
T1503
T1505 - Server Software Component
T1518
T1529
T1530
T1531
T1539
T1543
T1546
T1546.003
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1548 - Abuse Elevation Control Mechanism
T1550
T1552
T1552.001
T1552.006
T1553 - Subvert Trust Controls
T1555
T1555.003
T1560
T1560.001
T1561
T1562
T1562.001
T1566 - Phishing
T1566.001
T1566.002
T1569.002 - Service Execution
T1571
T1573
T1573.001
T1583
T1587 - Develop Capabilities
T1588 - Obtain Capabilities
T1588.002 - Tool
T1589 - Gather Victim Identity Information
T1591 - Gather Victim Org Information
T1595
TA0003
TA0008