🇮🇷
DNSpionage
APT Group
Information theft and espionage
21 zero-day CVEs
ETDA ✓
Also Known As (1 name)
COBALT EDGEWATER
Target Countries (10)
Albania
Cyprus
Egypt
Iraq
Jordan
Kuwait
Lebanon
Libya
Sweden
United States
Sectors Targeted
Government
Law enforcement
Aviation
Management, Scientific, and Technical Consulting Services (NAICS 5416)
Data Processing, Hosting, and Related Services (NAICS 51821)
Telecommunications
Internet infrastructure
Details
Origin
🇮🇷 IR
Last Updated
06 Aug 2025
Malware Families (44)
wannacryptor
hermeticwiper
REVENGERRAT
hupigon
huskloader
expiro
redcap
havex_rat
dofloo
graftor
pykspa
TINY
NJRAT
limerat
win.qhost
kuaibu8
feodo
troublegrabber
CRYXOS
virut
backnet
webmonitor
sarhust
agent_tesla
EMOTET
agent_btz
Asprox
mikey
AZORULT
zgrat
outcrypt
zhmimikatz
WACATAC
blacknix_rat
SMOKELOADER
TRICKBOT
blacknet_rat
mokes
teambot
kuluoz
wannaren
karkoff
lokipws
revenge_rat
MITRE ATT&CK (163)
T1001 - Data Obfuscation
T1003 - OS Credential Dumping
T1003.004 - LSA Secrets
T1004 - Winlogon Helper DLL
T1005 - Data from Local System
T1007
T1008
T1011
T1012
T1016
T1018 - Remote System Discovery
T1021
T1021.001 - Remote Desktop Protocol
T1021.006 - Windows Remote Management
T1027 - Obfuscated Files or Information
T1030
T1031
T1033
T1035 - Service Execution
T1036
T1036.004
T1038 - DLL Search Order Hijacking
T1040
T1041
T1043 - Commonly Used Port
T1045
T1046
T1047
T1048
T1048.003 - Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol
T1049
T1053
T1055 - Process Injection
T1055.003 - Thread Execution Hijacking
T1056 - Input Capture
T1056.001 - Keylogging
T1057
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003
T1059.007 - JavaScript
T1060
T1065 - Uncommonly Used Port
T1068 - Exploitation for Privilege Escalation
T1069.001 - Local Groups
T1070
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.003
T1071.004 - DNS
T1076 - Remote Desktop Protocol
T1078
T1081
T1082
T1083
T1085
T1087
T1090 - Proxy
T1095
T1100
T1102
T1105 - Ingress Tool Transfer
T1106
T1110
T1110.002 - Password Cracking
T1112
T1114 - Email Collection
T1114.001
T1115
T1119
T1120
T1122
T1124
T1125
T1127
T1129
T1130
T1132
T1133
T1136
T1137
T1140 - Deobfuscate/Decode Files or Information
T1156 - Malicious Shell Modification
T1170
T1173 - Dynamic Data Exchange
T1176 - Browser Extensions
T1179 - Hooking
T1184 - SSH Hijacking
T1185 - Man in the Browser
T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1204.002
T1210 - Exploitation of Remote Services
T1211 - Exploitation for Defense Evasion
T1217
T1218 - Signed Binary Proxy Execution
T1404 - Exploit OS Vulnerability
T1410 - Network Traffic Capture or Redirection
T1412 - Capture SMS Messages
T1415
T1423 - Network Service Scanning
T1427 - Attack PC via USB Connection
T1445 - Abuse of iOS Enterprise App Signing Key
T1449 - Exploit SS7 to Redirect Phone Calls/SMS
T1450 - Exploit SS7 to Track Device Location
T1453 - Abuse Accessibility Features
T1454 - Malicious SMS Message
T1472 - Generate Fraudulent Advertising Revenue
T1476 - Deliver Malicious App via Other Means
T1485
T1486
T1489
T1490 - Inhibit System Recovery
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1497.003
T1498 - Network Denial of Service
T1499.001
T1503
T1505
T1518
T1529
T1530
T1531
T1539
T1543
T1546.015
T1547
T1550
T1552
T1553 - Subvert Trust Controls
T1555
T1557 - Man-in-the-Middle
T1560
T1561
T1562
T1562.001
T1562.004 - Disable or Modify System Firewall
T1563 - Remote Service Session Hijacking
T1566 - Phishing
T1566.002
T1568.001 - Fast Flux DNS
T1571
T1573 - Encrypted Channel
T1583
T1583.002
T1584
T1587
T1588.004
T1590.002 - DNS
T1595
T1596.001 - DNS/Passive DNS
T1596.004 - CDNs
T1608
TA0002
TA0003
TA0004 - Privilege Escalation
TA0005
TA0007
TA0009
TA0011 - Command and Control
TA0029 - Privilege Escalation