APT33
APT33, HOLMIUM, Elfin, Peach Sandstorm
[APT33](https://attack.mitre.org/groups/G0064) is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors.(Citation: FireEye APT33 Sept 2017)(Citation: FireEye APT33 Webinar Sept 2017)
Techniques: 31 | Covered: 30 | Gaps: 1 | Coverage: 97% (30/31)
GAPS (1)
COVERED (30)

| Technique | Name | Detections |
|---|---|---|
| T1003.001 | LSASS Memory | 111 |
| T1003.004 | LSA Secrets | 18 |
| T1003.005 | Cached Domain Credentials | 12 |
| T1027.013 | Encrypted/Encoded File | 8 |
| T1040 | Network Sniffing | 15 |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | 21 |
| T1053.005 | Scheduled Task | 99 |
| T1059.001 | PowerShell | 368 |
| T1059.005 | Visual Basic | 68 |
| T1068 | Exploitation for Privilege Escalation | 99 |
| T1071.001 | Web Protocols | 80 |
| T1078 | Valid Accounts | 280 |
| T1078.004 | Cloud Accounts | 167 |
| T1105 | Ingress Tool Transfer | 183 |
| T1110.003 | Password Spraying | 66 |
| T1132.001 | Standard Encoding | 5 |
| T1203 | Exploitation for Client Execution | 75 |
| T1204.001 | Malicious Link | 10 |
| T1204.002 | Malicious File | 425 |
| T1546.003 | Windows Management Instrumentation Event Subscription | 18 |
| T1547.001 | Registry Run Keys / Startup Folder | 53 |
| T1552.001 | Credentials In Files | 61 |
| T1552.006 | Group Policy Preferences | 9 |
| T1555 | Credentials from Password Stores | 40 |
| T1555.003 | Credentials from Web Browsers | 16 |
| T1560.001 | Archive via Utility | 26 |
| T1566.001 | Spearphishing Attachment | 905 |
| T1566.002 | Spearphishing Link | 904 |
| T1571 | Non-Standard Port | 16 |
| T1588.002 | Tool | 13 |