APT33
APT33, HOLMIUM, Elfin, Peach Sandstorm
[APT33](https://attack.mitre.org/groups/G0064) is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors.(Citation: FireEye APT33 Sept 2017)(Citation: FireEye APT33 Webinar Sept 2017)
Techniques: 31
Covered: 30
Gaps: 1
Coverage: 97% (30/31)
GAPS (1)
COVERED (30)
| Technique | Name | Detections |
|---|---|---|
| T1003.001 | LSASS Memory | 105 |
| T1003.004 | LSA Secrets | 16 |
| T1003.005 | Cached Domain Credentials | 11 |
| T1027.013 | Encrypted/Encoded File | 7 |
| T1040 | Network Sniffing | 15 |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | 20 |
| T1053.005 | Scheduled Task | 82 |
| T1059.001 | PowerShell | 338 |
| T1059.005 | Visual Basic | 66 |
| T1068 | Exploitation for Privilege Escalation | 91 |
| T1071.001 | Web Protocols | 74 |
| T1078 | Valid Accounts | 252 |
| T1078.004 | Cloud Accounts | 149 |
| T1105 | Ingress Tool Transfer | 170 |
| T1110.003 | Password Spraying | 65 |
| T1132.001 | Standard Encoding | 5 |
| T1203 | Exploitation for Client Execution | 71 |
| T1204.001 | Malicious Link | 9 |
| T1204.002 | Malicious File | 397 |
| T1546.003 | Windows Management Instrumentation Event Subscription | 17 |
| T1547.001 | Registry Run Keys / Startup Folder | 50 |
| T1552.001 | Credentials In Files | 53 |
| T1552.006 | Group Policy Preferences | 8 |
| T1555 | Credentials from Password Stores | 38 |
| T1555.003 | Credentials from Web Browsers | 15 |
| T1560.001 | Archive via Utility | 24 |
| T1566.001 | Spearphishing Attachment | 850 |
| T1566.002 | Spearphishing Link | 837 |
| T1571 | Non-Standard Port | 16 |
| T1588.002 | Tool | 13 |