🇷🇺
VENOM SPIDER
APT Group
Financial gain
ETDA ✓
Also Known As 2 names
badbullz
badbullzvenom
Target Countries 3
Argentina
Ireland
United States
Sectors Targeted
Financial
Retail
Human Resources Consulting Services (NAICS 541612)
Entertainment
Employment Placement Agencies and Executive Search Services (NAICS 56131)
Pharmaceutical
Details
Origin
🇷🇺 RU
Last Updated
01 Jun 2022
MITRE ATT&CK 55
T1005 - Data from Local System
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1016.001 - Internet Connection Discovery
T1027 - Obfuscated Files or Information
T1030 - Data Transfer Size Limits
T1033 - System Owner/User Discovery
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1055 - Process Injection
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.007 - JavaScript
T1070 - Indicator Removal on Host
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1090 - Proxy
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1112 - Modify Registry
T1113 - Screen Capture
T1124 - System Time Discovery
T1132.001 - Standard Encoding
T1134.002 - Create Process with Token
T1140 - Deobfuscate/Decode Files or Information
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1204.002 - Malicious File
T1218 - Signed Binary Proxy Execution
T1490 - Inhibit System Recovery
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1497.003 - Time Based Evasion
T1498 - Network Denial of Service
T1518 - Software Discovery
T1518.001 - Security Software Discovery
T1539 - Steal Web Session Cookie
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1553 - Subvert Trust Controls
T1555 - Credentials from Password Stores
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002 - Spearphishing Link
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1573.001 - Symmetric Cryptography
T1574 - Hijack Execution Flow
T1574.002 - DLL Side-Loading