groups g1046 — Search

US Masquerading: Match Legitimate Resource Name or Location, Sub-technique T1036.005 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v17/techniques/T1036/005

…rs Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups. Retrieved May 16, 2018. Sherstobitoff, R., Malhotra, A., et. al.. (2018, December 18). Operation Sharpshooter Campaign Targets Global Defense, Critical Infrastructure. Retrieved May 14, 2020. …

2026-04-24 14:56 View archive →

US Input Capture, Technique T1056 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v17/techniques/T1056

…ed malicious item that allows for recording logon information in cleartext. [9] G1046 Storm-1811 Storm-1811 has used a PowerShell script to capture user credentials after prompting a user to authenticate to run a malicious script masquerading as a legitimate update item. [10] C00…

2026-04-24 14:31 View archive →

US Masquerading: Match Legitimate Resource Name or Location, Sub-technique T1036.005 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/techniques/T1036/005

…ng conventions that match legitimate services to include AdobePlugins.exe. [41] G1046 Storm-1811 Storm-1811 has disguised Cobalt Strike installers as a malicious DLL masquerading as part of a legitimate 7zip installation package. [201] S1183 StrelaStealer StrelaStealer payloads h…

2026-04-25 09:29 View archive →

US Data Encrypted for Impact, Technique T1486 - Enterprise | MITRE ATT&CK®

https://attack.mitre.org/versions/v17/techniques/T1486

…egitimate BitLocker application to encrypt victim files for ransom. [131] [132] G1046 Storm-1811 Storm-1811 is a financially-motivated entity linked to the deployment of Black Basta ransomware in victim environments. [133] S0242 SynAck SynAck encrypts the victims machine followed…

2026-04-24 14:22 View archive →