
APT39

APT39, ITG07, Chafer, Remix Kitten

[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since at least 2014. [APT39](https://attack.mitre.org/groups/G0087) has primarily targeted the travel, hospitality, academic, and telecommunications industries in Iran and across Asia, Africa, Europe, and North America to track individuals and entities considered to be a threat by the MOIS.(Citation: FireEye APT39 Jan 2019)(Citation: Symantec Chafer Dec 2015)(Citation: FBI ...

Techniques: 53
Covered: 53
Gaps: 0
Coverage: 100% (53/53)

COVERED (53)

| Technique | Name | Detections |
|---|---|---|
| T1003 | OS Credential Dumping | 106 |
| T1003.001 | LSASS Memory | 105 |
| T1005 | Data from Local System | 46 |
| T1012 | Query Registry | 22 |
| T1018 | Remote System Discovery | 46 |
| T1021.001 | Remote Desktop Protocol | 51 |
| T1021.002 | SMB/Windows Admin Shares | 67 |
| T1021.004 | SSH | 31 |
| T1027.002 | Software Packing | 1 |
| T1027.013 | Encrypted/Encoded File | 7 |
| T1033 | System Owner/User Discovery | 59 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1041 | Exfiltration Over C2 Channel | 30 |
| T1046 | Network Service Discovery | 49 |
| T1053.005 | Scheduled Task | 82 |
| T1056 | Input Capture | 7 |
| T1056.001 | Keylogging | 4 |
| T1059 | Command and Scripting Interpreter | 462 |
| T1059.001 | PowerShell | 338 |
| T1059.005 | Visual Basic | 66 |
| T1059.006 | Python | 43 |
| T1059.010 | AutoHotKey & AutoIT | 1 |
| T1070.004 | File Deletion | 40 |
| T1071.001 | Web Protocols | 74 |
| T1071.004 | DNS | 31 |
| T1074.001 | Local Data Staging | 10 |
| T1078 | Valid Accounts | 252 |
| T1083 | File and Directory Discovery | 48 |
| T1090.001 | Internal Proxy | 10 |
| T1090.002 | External Proxy | 6 |
| T1102.002 | Bidirectional Communication | 14 |
| T1105 | Ingress Tool Transfer | 170 |
| T1110 | Brute Force | 85 |
| T1113 | Screen Capture | 17 |
| T1115 | Clipboard Data | 15 |
| T1135 | Network Share Discovery | 16 |
| T1136.001 | Local Account | 42 |
| T1140 | Deobfuscate/Decode Files or Information | 55 |
| T1190 | Exploit Public-Facing Application | 208 |
| T1197 | BITS Jobs | 23 |
| T1204.001 | Malicious Link | 9 |
| T1204.002 | Malicious File | 397 |
| T1505.003 | Web Shell | 57 |
| T1546.010 | AppInit DLLs | 2 |
| T1547.001 | Registry Run Keys / Startup Folder | 50 |
| T1547.009 | Shortcut Modification | 6 |
| T1553.006 | Code Signing Policy Modification | 2 |
| T1555 | Credentials from Password Stores | 38 |
| T1560.001 | Archive via Utility | 24 |
| T1566.001 | Spearphishing Attachment | 850 |
| T1566.002 | Spearphishing Link | 837 |
| T1569.002 | Service Execution | 63 |
| T1588.002 | Tool | 13 |