…ned deprecation of Enterprise's Defense Evasion tactic in the upcoming release. Groups APT28 APT28 APT28 is a threat group that has been attributed to Russia's General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165. [1] [2] …
…he following are the most notable threat group names related under MITRE ATT&CK G0007 and commonly used within the cybersecurity community: APT28 [14], Fancy Bear [14], Forest Blizzard [14], Blue Delta [15]. Note: Cybersecurity companies have different methods of tracking and attribu…
…pril 2025 Version Permalink Live Version Procedure Examples ID Name Description G0007 APT28 Once APT28 gained access to the DCCC network, the group then proceeded to use that access to compromise the DNC network. [3] G0016 APT29 APT29 has compromised IT, cloud services, and manag…
… [6] G0026 APT18 APT18 can list file information for specific directories. [7] G0007 APT28 APT28 has used Forfiles to locate PDF, Excel, and Word documents during collection. The group also searched a compromised DCCC computer for specific terms. [8] [9] G0016 APT29 APT29 obtain…
…12] G0026 APT18 APT18 can list file information for specific directories. [13] G0007 APT28 APT28 has used Forfiles to locate PDF, Excel, and Word documents during collection. The group also searched a compromised DCCC computer for specific terms. [14] [15] G0022 APT3 APT3 has a …
…APT18 APT18 uses cmd.exe to execute commands on the victim’s machine. [10] [11] G0007 APT28 An APT28 loader Trojan uses a cmd.exe and batch script to run its payload. [12] The group has also used macros to execute payloads. [13] [14] [15] [16] G0016 APT29 APT29 used cmd.exe to ex…
…APT18 APT18 uses cmd.exe to execute commands on the victim’s machine. [14] [15] G0007 APT28 An APT28 loader Trojan uses a cmd.exe and batch script to run its payload. [16] The group has also used macros to execute payloads. [17] [18] [19] [20] G0022 APT3 An APT3 downloader uses t…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Hamzeloofard, S. (2020, January 31). New wave of PlugX targets Hong Kong | Avira Blog. Retrieved April 13, 2021. Kasza, A., H…
…December 19). Operation Wocao: Shining a light on one of China’s hidden hacking groups. Retrieved October 8, 2020. Bizeul, D., Fontarensky, I., Mouchoux, R., Perigaud, F., Pernet, C. (2014, July 11). Eye of the Tiger. Retrieved September 29, 2015. CISA. (2023, December 18). #Stop…
…pril 2025 Version Permalink Live Version Procedure Examples ID Name Description G0007 APT28 APT28 used other victims as proxies to relay command traffic, for instance using a compromised Georgian military email server as a hop point to NATO victims. The group has also used a tool…
…hell. [10] G0073 APT19 APT19 used PowerShell commands to execute payloads. [11] G0007 APT28 APT28 downloads and executes PowerShell scripts and performs PowerShell commands. [12] [13] [14] G0016 APT29 APT29 has used encoded PowerShell scripts uploaded to CozyCar installations to …
…19 also used an HTTP malware variant to communicate over HTTP for C2. [17] [18] G0007 APT28 Later implants used by APT28, such as CHOPSTICK, use a blend of HTTP, HTTPS, and other legitimate channels for C2, depending on module configuration. [19] [20] G0050 APT32 APT32 has used…
…pril 2025 Version Permalink Live Version Procedure Examples ID Name Description G0007 APT28 APT28 has used large language models (LLMs) to gather information about satellite capabilities. [3] [4] G0094 Kimsuky Kimsuky has collected victim organization information including but no…
…hell. [12] G0073 APT19 APT19 used PowerShell commands to execute payloads. [13] G0007 APT28 APT28 downloads and executes PowerShell scripts and performs PowerShell commands. [14] [15] [16] C0051 APT28 Nearest Neighbor Campaign During the APT28 Nearest Neighbor Campaign, APT28 used P…
…eat Research. (2019, October 7). China-Based APT Mustang Panda Targets Minority Groups, Public and Private Sector Organizations. Retrieved April 12, 2021. Victor, K. (2020, May 18). Netwalker Fileless Ransomware Injected via Reflective Loading. Retrieved May 26, 2020. Szappanos…