🇷🇺
TA505
APT Group
Financial gain
Financial crime
9 zero-day CVEs
ETDA ✓
Also Known As 13 names
ATK103
CHIMBORAZO
DEV-0950
Dudear
FIN11
G0092
GOLD TAHOE
GRACEFUL SPIDER
Hive0065
Lace Tempest
SectorJ04
SectorJ04 Group
Spandex Tempest
Target Countries 5
Australia
United Kingdom
Japan
United Republic of Tanzania
United States
Sectors Targeted
Telecommunications
Retail
Computer Systems Design Services (541512)
Promoters of Performing Arts, Sports, and Similar Events (7113)
Educational Support Services (6117)
Grantmaking and Giving Services (8132)
Periodical Publishers (51112)
Technology
Energy
Defense
Data Processing, Hosting, and Related Services (51821)
Advertising Agencies (54181)
Hospitality
Computer Systems Design and Related Services (54151)
Hospitals (622)
Financial
Air Transportation (481)
Education
Transportation
Details
Origin
🇷🇺 RU
Last Updated
14 Dec 2025
MITRE ATT&CK 144
T1003
T1005 - Data from Local System
T1011
T1012 - Query Registry
T1018 - Remote System Discovery
T1021
T1021.001
T1021.002 - SMB/Windows Admin Shares
T1021.005
T1027 - Obfuscated Files or Information
T1027.002
T1027.010
T1027.013
T1033 - System Owner/User Discovery
T1036
T1036.001 - Invalid Code Signature
T1036.004
T1036.005
T1040
T1041 - Exfiltration Over C2 Channel
T1046
T1047
T1048
T1049
T1053
T1053.005
T1055 - Process Injection
T1055.001 - Dynamic-link Library Injection
T1056
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001
T1059.003
T1059.005
T1059.007
T1068 - Exploitation for Privilege Escalation
T1069 - Permission Groups Discovery
T1069.001
T1070
T1070.001 - Clear Windows Event Logs
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001
T1072
T1078 - Valid Accounts
T1078.002
T1078.003
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087
T1087.003
T1090
T1090.002
T1102
T1104
T1105
T1106 - Native API
T1110
T1112
T1113
T1114
T1115
T1129
T1132
T1132.001
T1133
T1134
T1135
T1136
T1136.001
T1137
T1140 - Deobfuscate/Decode Files or Information
T1176
T1185
T1189
T1190 - Exploit Public-Facing Application
T1195
T1202 - Indirect Command Execution
T1203
T1204 - User Execution
T1204.001
T1204.002
T1210
T1218
T1218.007
T1218.011
T1219
T1480
T1482 - Domain Trust Discovery
T1484.001 - Group Policy Modification
T1485
T1486 - Data Encrypted for Impact
T1489
T1490 - Inhibit System Recovery
T1491
T1496
T1505 - Server Software Component
T1518
T1518.001 - Security Software Discovery
T1530
T1531
T1539
T1543.003 - Windows Service
T1546
T1547 - Boot or Logon Autostart Execution
T1547.001
T1548
T1550.002 - Pass the Hash
T1552
T1552.001
T1553
T1553.002
T1553.005
T1555
T1555.003 - Credentials from Web Browsers
T1557 - Man-in-the-Middle
T1559
T1559.002
T1560
T1562
T1562.001 - Disable or Modify Tools
T1563
T1566
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1567 - Exfiltration Over Web Service
T1568
T1568.001
T1570 - Lateral Tool Transfer
T1571
T1572
T1573
T1573.002
T1574 - Hijack Execution Flow
T1583
T1583.001
T1588
T1588.001
T1588.002
T1590
T1592
T1608
T1608.001
T1614