← Back to Actors
APT33
APT33HOLMIUMElfinPeach Sandstorm
[APT33](https://attack.mitre.org/groups/G0064) is a suspected Iranian threat group that has carried out operations since at least 2013. The group has targeted organizations across multiple industries in the United States, Saudi Arabia, and South Korea, with a particular interest in the aviation and energy sectors.(Citation: FireEye APT33 Sept 2017)(Citation: FireEye APT33 Webinar Sept 2017)
31
Techniques
30
Covered
1
Gaps
97%
Coverage
Coverage30/31
GAPS (1)
COVERED (30)
T1003.001LSASS Memory111 det.T1003.004LSA Secrets18 det.T1003.005Cached Domain Credentials12 det.T1027.013Encrypted/Encoded File8 det.T1040Network Sniffing15 det.T1048.003Exfiltration Over Unencrypted Non-C2 Protocol22 det.T1053.005Scheduled Task100 det.T1059.001PowerShell372 det.T1059.005Visual Basic69 det.T1068Exploitation for Privilege Escalation99 det.T1071.001Web Protocols81 det.T1078Valid Accounts297 det.T1078.004Cloud Accounts183 det.T1105Ingress Tool Transfer184 det.T1110.003Password Spraying66 det.T1132.001Standard Encoding5 det.T1203Exploitation for Client Execution79 det.T1204.001Malicious Link11 det.T1204.002Malicious File441 det.T1546.003Windows Management Instrumentation Event Subscription18 det.T1547.001Registry Run Keys / Startup Folder53 det.T1552.001Credentials In Files61 det.T1552.006Group Policy Preferences9 det.T1555Credentials from Password Stores41 det.T1555.003Credentials from Web Browsers16 det.T1560.001Archive via Utility26 det.T1566.001Spearphishing Attachment979 det.T1566.002Spearphishing Link1005 det.T1571Non-Standard Port17 det.T1588.002Tool13 det.