🇷🇺
Cold River
APT Group
Information theft and espionage
ETDA ✓
Also Known As (2 names): Nahr Elbard, Nahr el bared
Target Countries (7):
Canada
United Kingdom
India
Lebanon
Sweden
Ukraine
United States
Sectors Targeted (NAICS code in parentheses where given):
Computer Systems Design and Related Services (54151)
Think Tanks
Periodical Publishers (51112)
Electric Power Generation (22111)
Employment Placement Agencies and Executive Search Services (56131)
NGOs
Research and Development in the Social Sciences and Humanities (54172)
Defense
Colleges, Universities, and Professional Schools (6113)
Details
Origin: 🇷🇺 RU
Last Updated: 01 Jun 2022
MITRE ATT&CK (62 techniques):
T1005 - Data from Local System
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1041 - Exfiltration Over C2 Channel
T1053.005 - Scheduled Task
T1056.001 - Keylogging
T1056.003 - Web Portal Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.006 - Python
T1059.007 - JavaScript
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1074 - Data Staged
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1112 - Modify Registry
T1114 - Email Collection
T1114.002 - Remote Email Collection
T1114.003 - Email Forwarding Rule
T1115 - Clipboard Data
T1120 - Peripheral Device Discovery
T1124 - System Time Discovery
T1132.001 - Standard Encoding
T1140 - Deobfuscate/Decode Files or Information
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1217 - Browser Bookmark Discovery
T1539 - Steal Web Session Cookie
T1547.001 - Registry Run Keys / Startup Folder
T1550 - Use Alternate Authentication Material
T1550.004 - Web Session Cookie
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1571 - Non-Standard Port
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1585 - Establish Accounts
T1585.001 - Social Media Accounts
T1585.002 - Email Accounts
T1586 - Compromise Accounts
T1586.002 - Email Accounts
T1588 - Obtain Capabilities
T1588.002 - Tool
T1589 - Gather Victim Identity Information
T1593 - Search Open Websites/Domains
T1598 - Phishing for Information
T1598.002 - Spearphishing Attachment
T1598.003 - Spearphishing Link
T1608 - Stage Capabilities
T1608.001 - Upload Malware
T1614 - System Location Discovery