BelialDemon 🇷🇺
APT Group
11 zero-day CVEs
Also Known As (1): Matanbuchus
Target Countries (2):
India
South Africa
Details
Origin: 🇷🇺 RU
Last Updated: 01 Jun 2022
MITRE ATT&CK (138 techniques):
T1001 - Data Obfuscation
T1003 - OS Credential Dumping
T1005 - Data from Local System
T1007 - System Service Discovery
T1008 - Fallback Channels
T1011 - Exfiltration Over Other Network Medium
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1027.001 - Binary Padding
T1027.002 - Software Packing
T1027.005 - Indicator Removal from Tools
T1028 - Windows Remote Management
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.005 - Match Legitimate Name or Location
T1041 - Exfiltration Over C2 Channel
T1047 - Windows Management Instrumentation
T1048 - Exfiltration Over Alternative Protocol
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.004 - Launchd
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1056.004 - Credential API Hooking
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.004 - Unix Shell
T1059.005 - Visual Basic
T1059.007 - JavaScript
T1060 - Registry Run Keys / Startup Folder
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.004 - DNS
T1072 - Software Deployment Tools
T1078 - Valid Accounts
T1081 - Credentials in Files
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1085 - Rundll32
T1087 - Account Discovery
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1112 - Modify Registry
T1114 - Email Collection
T1114.001 - Local Email Collection
T1115 - Clipboard Data
T1119 - Automated Collection
T1120 - Peripheral Device Discovery
T1123 - Audio Capture
T1124 - System Time Discovery
T1125 - Video Capture
T1127 - Trusted Developer Utilities Proxy Execution
T1129 - Shared Modules
T1130 - Install Root Certificate
T1132 - Data Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1136 - Create Account
T1137 - Office Application Startup
T1140 - Deobfuscate/Decode Files or Information
T1170 - Mshta
T1176 - Browser Extensions
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1193 - Spearphishing Attachment
T1195 - Supply Chain Compromise
T1195.002 - Compromise Software Supply Chain
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1217 - Browser Bookmark Discovery
T1218 - Signed Binary Proxy Execution
T1218.010 - Regsvr32
T1219 - Remote Access Software
T1485 - Data Destruction
T1486 - Data Encrypted for Impact
T1489 - Service Stop
T1490 - Inhibit System Recovery
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1497.001 - System Checks
T1497.003 - Time Based Evasion
T1498 - Network Denial of Service
T1503 - Credentials from Web Browsers
T1518 - Software Discovery
T1529 - System Shutdown/Reboot
T1530 - Data from Cloud Storage Object
T1531 - Account Access Removal
T1539 - Steal Web Session Cookie
T1543 - Create or Modify System Process
T1543.003 - Windows Service
T1546.004 - Unix Shell Configuration Modification
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1548 - Abuse Elevation Control Mechanism
T1548.003 - Sudo and Sudo Caching
T1550 - Use Alternate Authentication Material
T1552 - Unsecured Credentials
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1555 - Credentials from Password Stores
T1555.003 - Credentials from Web Browsers
T1557.002 - ARP Cache Poisoning
T1560 - Archive Collected Data
T1561 - Disk Wipe
T1562 - Impair Defenses
T1562.001 - Disable or Modify Tools
T1562.006 - Indicator Blocking
T1564 - Hide Artifacts
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1567 - Exfiltration Over Web Service
T1569.002 - Service Execution
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1573.002 - Asymmetric Cryptography
T1574 - Hijack Execution Flow
T1578.004 - Revert Cloud Instance
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1584.001 - Domains
T1587 - Develop Capabilities
T1591.001 - Determine Physical Locations
T1595 - Active Scanning
T1608.001 - Upload Malware
T1608.004 - Drive-by Target