campaigns C0040 — Search

US Archive Collected Data: Archive via Utility, Sub-technique T1560.001 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v17/techniques/T1560/001

…er 26, 2024. Hunt & Hackett Research Team. (2024, January 5). Turkish espionage campaigns in the Netherlands. Retrieved November 20, 2024. Cash, D. et al. (2020, December 14). Dark Halo Leverages SolarWinds Compromise to Breach Organizations. Retrieved December 29, 2020. MSTIC, C…

2026-04-24 14:15 View archive →

US Server Software Component: Web Shell, Sub-technique T1505.003 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/techniques/T1505/003

… access. [9] G0087 APT39 APT39 has installed ANTAK and ASPXSPY web shells. [10] C0040 APT41 DUST APT41 DUST involved use of web shells such as ANTSWORD and BLUEBEAM for persistence. [11] G1023 APT5 APT5 has installed multiple web shells on compromised servers including on Pulse S…

2026-04-25 06:00 View archive →

US Cobalt Strike, Software S0154 | MITRE ATT&CK®

https://attack.mitre.org/versions/v17/software/S0154

…ider [77] [40] [78] G0102 Wizard Spider [79] [80] [81] [82] [83] [84] [85] [86] Campaigns ID Name Description C0040 APT41 DUST Cobalt Strike was used during APT41 DUST [43] C0015 C0015 [12] C0017 C0017 During C0017 APT41 used the DUSTPAN in-memory dropper to drop a Cobalt Strike …

2026-04-24 15:07 View archive →

US Indicator Removal: File Deletion, Sub-technique T1070.004 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v17/techniques/T1070/004

…ra, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020. Symantec. (2022, January 31). Shuckworm Continues Cyber-Espionage Attacks Against Ukraine. Retrieved February 17, 2022. CERT-EE. (2021, January 27). Gamaredon Infect…

2026-04-24 15:18 View archive →

US Exfiltration Over Web Service: Exfiltration to Cloud Storage, Sub-technique T1567.002 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v17/techniques/T1567/002

…4 Akira Akira will exfiltrate victim data using applications such as Rclone [1] C0040 APT41 DUST APT41 DUST exfiltrated collected information to OneDrive. [2] S0635 BoomBox BoomBox can upload data to dedicated per-victim folders in Dropbox. [3] S0651 BoxCaon BoxCaon has the capab…

2026-04-24 13:36 View archive →

US Automated Collection, Technique T1119 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v17/techniques/T1119

…e. (2023, September 14). Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety. Retrieved January 2, 2024. Or Chechik, Tom Fakterman, Daniel Frank & Assaf Dahan. (2023, November 6). Agonizing Serpens (Aka Agrius) T…

2026-04-24 14:26 View archive →

US Hijack Execution Flow: DLL, Sub-technique T1574.001 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v17/techniques/T1574/001

…. Retrieved May 26, 2020. Sierra, E., Iglesias, G.. (2018, April 24). Metamorfo Campaigns Targeting Brazilian Users. Retrieved July 30, 2020. ESET Research. (2019, October 3). Casbaneiro: peculiarities of this banking Trojan that affects Brazil and Mexico. Retrieved September 23,…

2026-04-24 13:39 View archive →

US Ingress Tool Transfer, Technique T1105 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v17/techniques/T1105

…ra, H., Maruyama, E. (2020, April 17). Gamaredon APT Group Use Covid-19 Lure in Campaigns. Retrieved May 19, 2020. Boutin, J. (2020, June 11). Gamaredon group grows its game. Retrieved June 16, 2020. Microsoft Threat Intelligence Center. (2022, February 4). ACTINIUM targets Ukrai…

2026-04-24 13:45 View archive →