🇷🇺
Evil Corp
APT Group
Financial crime
Financial gain
5 zero-day CVEs
ETDA ✓
Also Known As 1 name
GOLD DRAKE
Target Countries 7
Argentina
Brazil
United Kingdom
India
Lithuania
Netherlands
United States
Sectors Targeted
Computer Systems Design Services
541512
Internet Publishing and Broadcasting and Web Search Portals
51913
Promoters of Performing Arts, Sports, and Similar Events
7113
Media
Oil and Gas Extraction
211
Government
Insurance Carriers and Related Activities
524
Advertising Agencies
54181
Motion Picture and Video Production
51211
Financial
Healthcare
Data Processing, Hosting, and Related Services
51821
Computer Systems Design and Related Services
54151
Legal Services
5411
Newspaper Publishers
51111
Hospitals
622
Periodical Publishers
51112
Offices of Certified Public Accountants
541211
Software Publishers
51121
Grantmaking and Giving Services
8132
Construction
23
Details
Origin
🇷🇺 RU
Last Updated
01 Jun 2022
Malware Families 7
donut_injector
wastedlocker
feodo
houdini
zhmimikatz
fakeupdateru
H-worm
MITRE ATT&CK 112
T1003
T1003.001
T1005 - Data from Local System
T1007
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1021
T1021.001
T1021.002 - SMB/Windows Admin Shares
T1021.004
T1027 - Obfuscated Files or Information
T1031 - Modify Existing Service
T1033 - System Owner/User Discovery
T1036
T1036.001 - Invalid Code Signature
T1036.005
T1045 - Software Packing
T1046 - Network Service Scanning
T1047
T1053 - Scheduled Task/Job
T1055.001 - Dynamic-link Library Injection
T1056
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001
T1059.003
T1059.007
T1060 - Registry Run Keys / Startup Folder
T1068 - Exploitation for Privilege Escalation
T1069 - Permission Groups Discovery
T1070
T1070.001 - Clear Windows Event Logs
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001
T1071.004 - DNS
T1074
T1074.001
T1078 - Valid Accounts
T1078.002
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1094 - Custom Command and Control Protocol
T1105 - Ingress Tool Transfer
T1106 - Native API
T1112
T1113 - Screen Capture
T1129 - Shared Modules
T1136
T1136.001
T1140 - Deobfuscate/Decode Files or Information
T1143 - Hidden Window
T1147 - Hidden Users
T1155 - AppleScript
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1199
T1202 - Indirect Command Execution
T1204 - User Execution
T1204.001
T1204.002
T1218
T1218.007
T1449 - Exploit SS7 to Redirect Phone Calls/SMS
T1480 - Execution Guardrails
T1482 - Domain Trust Discovery
T1484
T1484.001 - Group Policy Modification
T1486 - Data Encrypted for Impact
T1489
T1490 - Inhibit System Recovery
T1518 - Software Discovery
T1518.001 - Security Software Discovery
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1550.002 - Pass the Hash
T1552
T1552.001
T1553 - Subvert Trust Controls
T1555
T1555.005
T1558
T1558.003
T1562
T1562.001 - Disable or Modify Tools
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002
T1567 - Exfiltration Over Web Service
T1567.002
T1568 - Dynamic Resolution
T1570 - Lateral Tool Transfer
T1574 - Hijack Execution Flow
T1583 - Acquire Infrastructure
T1583.004
T1583.005 - Botnet
T1583.008
T1584 - Compromise Infrastructure
T1584.001
T1584.004
T1585
T1585.002
T1587
T1587.001
T1590
T1608
T1608.001
T1608.004
T1608.006
T1685
T1685.005