← Back to Actors
APT39
APT39ITG07ChaferRemix Kitten
[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since at least 2014. [APT39](https://attack.mitre.org/groups/G0087) has primarily targeted the travel, hospitality, academic, and telecommunications industries in Iran and across Asia, Africa, Europe, and North America to track individuals and entities considered to be a threat by the MOIS.(Citation: FireEye APT39 Jan 2019)(Citation: Symantec Chafer Dec 2015)(Citation: FBI ...
53
Techniques
53
Covered
0
Gaps
100%
Coverage
Coverage53/53
COVERED (53)
T1003OS Credential Dumping113 det.T1003.001LSASS Memory111 det.T1005Data from Local System47 det.T1012Query Registry25 det.T1018Remote System Discovery51 det.T1021.001Remote Desktop Protocol53 det.T1021.002SMB/Windows Admin Shares74 det.T1021.004SSH35 det.T1027.002Software Packing2 det.T1027.013Encrypted/Encoded File8 det.T1033System Owner/User Discovery61 det.T1036.005Match Legitimate Resource Name or Location45 det.T1041Exfiltration Over C2 Channel32 det.T1046Network Service Discovery51 det.T1053.005Scheduled Task100 det.T1056Input Capture7 det.T1056.001Keylogging4 det.T1059Command and Scripting Interpreter514 det.T1059.001PowerShell372 det.T1059.005Visual Basic69 det.T1059.006Python51 det.T1059.010AutoHotKey & AutoIT1 det.T1070.004File Deletion43 det.T1071.001Web Protocols81 det.T1071.004DNS35 det.T1074.001Local Data Staging10 det.T1078Valid Accounts297 det.T1083File and Directory Discovery48 det.T1090.001Internal Proxy10 det.T1090.002External Proxy8 det.T1102.002Bidirectional Communication16 det.T1105Ingress Tool Transfer184 det.T1110Brute Force90 det.T1113Screen Capture18 det.T1115Clipboard Data16 det.T1135Network Share Discovery20 det.T1136.001Local Account43 det.T1140Deobfuscate/Decode Files or Information58 det.T1190Exploit Public-Facing Application227 det.T1197BITS Jobs25 det.T1204.001Malicious Link11 det.T1204.002Malicious File441 det.T1505.003Web Shell65 det.T1546.010AppInit DLLs2 det.T1547.001Registry Run Keys / Startup Folder53 det.T1547.009Shortcut Modification6 det.T1553.006Code Signing Policy Modification2 det.T1555Credentials from Password Stores41 det.T1560.001Archive via Utility26 det.T1566.001Spearphishing Attachment979 det.T1566.002Spearphishing Link1005 det.T1569.002Service Execution64 det.T1588.002Tool13 det.