🇷🇺
Silence group
APT Group
Financial crime
13 zero-day CVEs
ETDA ✓
Also Known As 2 names
Silence
WHISPER SPIDER
Target Countries 61
Countries highlighted in red
Antigua and Barbuda
Armenia
Austria
Australia
Azerbaijan
Bangladesh
Belgium
Bulgaria
Belarus
Belize
Canada
Switzerland
Chile
China
Costa Rica
Cyprus
Germany
Spain
Finland
France
United Kingdom
Georgia
Ghana
Gibraltar
Greece
Hong Kong
Croatia
Indonesia
Ireland
Israel
India
Jamaica
Jordan
Kenya
Kyrgyzstan
Republic of Korea
Kazakhstan
Sri Lanka
Luxembourg
Latvia
Republic of Moldova
Mexico
Malaysia
Netherlands
Norway
Panama
Pakistan
Poland
Romania
Serbia
Saudi Arabia
Seychelles
Sweden
Singapore
Thailand
Turkey
Province of China Taiwan
Ukraine
United States
Uzbekistan
Vietnam
Sectors Targeted
Financial
Commercial Banking
52211
Telecommunications
517
Government
Computer Systems Design and Related Services
54151
Manufacturing
Pharmaceutical
Details
Origin
🇷🇺 RU
Last Updated
14 May 2024
Malware Families 1
atmosphere
MITRE ATT&CK 137
T1003 - OS Credential Dumping
T1003.001
T1005 - Data from Local System
T1007 - System Service Discovery
T1008 - Fallback Channels
T1011 - Exfiltration Over Other Network Medium
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1018
T1021 - Remote Services
T1021.001
T1027 - Obfuscated Files or Information
T1027.010
T1029 - Scheduled Transfer
T1030 - Data Transfer Size Limits
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.004 - Masquerade Task or Service
T1036.005
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1047 - Windows Management Instrumentation
T1048 - Exfiltration Over Alternative Protocol
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.005
T1059.007
T1060 - Registry Run Keys / Startup Folder
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1070.004
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1072
T1078 - Valid Accounts
T1078.003 - Local Accounts
T1081 - Credentials in Files
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1085 - Rundll32
T1087 - Account Discovery
T1090 - Proxy
T1090.002
T1091 - Replication Through Removable Media
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1112 - Modify Registry
T1113 - Screen Capture
T1114 - Email Collection
T1114.001 - Local Email Collection
T1115 - Clipboard Data
T1119 - Automated Collection
T1120 - Peripheral Device Discovery
T1123 - Audio Capture
T1124 - System Time Discovery
T1125
T1127 - Trusted Developer Utilities Proxy Execution
T1129 - Shared Modules
T1130 - Install Root Certificate
T1132 - Data Encoding
T1132.001 - Standard Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1135 - Network Share Discovery
T1136 - Create Account
T1136.001
T1137 - Office Application Startup
T1140 - Deobfuscate/Decode Files or Information
T1170 - Mshta
T1176 - Browser Extensions
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1204.002 - Malicious File
T1205.002
T1210 - Exploitation of Remote Services
T1217 - Browser Bookmark Discovery
T1218 - Signed Binary Proxy Execution
T1218.001
T1218.011 - Rundll32
T1219 - Remote Access Software
T1485 - Data Destruction
T1486 - Data Encrypted for Impact
T1489 - Service Stop
T1490 - Inhibit System Recovery
T1497 - Virtualization/Sandbox Evasion
T1497.003 - Time Based Evasion
T1498 - Network Denial of Service
T1498.001
T1503 - Credentials from Web Browsers
T1505 - Server Software Component
T1518 - Software Discovery
T1529 - System Shutdown/Reboot
T1530 - Data from Cloud Storage Object
T1531 - Account Access Removal
T1539 - Steal Web Session Cookie
T1543 - Create or Modify System Process
T1547 - Boot or Logon Autostart Execution
T1547.001
T1550 - Use Alternate Authentication Material
T1552 - Unsecured Credentials
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1555 - Credentials from Password Stores
T1560 - Archive Collected Data
T1561 - Disk Wipe
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1563 - Remote Service Session Hijacking
T1564 - Hide Artifacts
T1566 - Phishing
T1566.001
T1569 - System Services
T1569.002
T1570 - Lateral Tool Transfer
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1583 - Acquire Infrastructure
T1587 - Develop Capabilities
T1588
T1588.002
T1590 - Gather Victim Network Information
T1592 - Gather Victim Host Information
T1595 - Active Scanning