
APT39

APT39, ITG07, Chafer, Remix Kitten

[APT39](https://attack.mitre.org/groups/G0087) is one of several names for cyber espionage activity conducted by the Iranian Ministry of Intelligence and Security (MOIS) through the front company Rana Intelligence Computing since at least 2014. [APT39](https://attack.mitre.org/groups/G0087) has primarily targeted the travel, hospitality, academic, and telecommunications industries in Iran and across Asia, Africa, Europe, and North America to track individuals and entities considered to be a threat by the MOIS.(Citation: FireEye APT39 Jan 2019)(Citation: Symantec Chafer Dec 2015)(Citation: FBI ...

- Techniques: 53
- Covered: 53
- Gaps: 0
- Coverage: 100% (53/53)

COVERED (53)

| ID | Technique | Detections |
| --- | --- | --- |
| T1003 | OS Credential Dumping | 113 |
| T1003.001 | LSASS Memory | 111 |
| T1005 | Data from Local System | 47 |
| T1012 | Query Registry | 24 |
| T1018 | Remote System Discovery | 50 |
| T1021.001 | Remote Desktop Protocol | 53 |
| T1021.002 | SMB/Windows Admin Shares | 73 |
| T1021.004 | SSH | 34 |
| T1027.002 | Software Packing | 1 |
| T1027.013 | Encrypted/Encoded File | 8 |
| T1033 | System Owner/User Discovery | 61 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1041 | Exfiltration Over C2 Channel | 31 |
| T1046 | Network Service Discovery | 51 |
| T1053.005 | Scheduled Task | 99 |
| T1056 | Input Capture | 7 |
| T1056.001 | Keylogging | 4 |
| T1059 | Command and Scripting Interpreter | 486 |
| T1059.001 | PowerShell | 368 |
| T1059.005 | Visual Basic | 68 |
| T1059.006 | Python | 49 |
| T1059.010 | AutoHotKey & AutoIT | 1 |
| T1070.004 | File Deletion | 42 |
| T1071.001 | Web Protocols | 80 |
| T1071.004 | DNS | 34 |
| T1074.001 | Local Data Staging | 10 |
| T1078 | Valid Accounts | 280 |
| T1083 | File and Directory Discovery | 48 |
| T1090.001 | Internal Proxy | 10 |
| T1090.002 | External Proxy | 6 |
| T1102.002 | Bidirectional Communication | 15 |
| T1105 | Ingress Tool Transfer | 183 |
| T1110 | Brute Force | 90 |
| T1113 | Screen Capture | 18 |
| T1115 | Clipboard Data | 16 |
| T1135 | Network Share Discovery | 20 |
| T1136.001 | Local Account | 43 |
| T1140 | Deobfuscate/Decode Files or Information | 58 |
| T1190 | Exploit Public-Facing Application | 216 |
| T1197 | BITS Jobs | 25 |
| T1204.001 | Malicious Link | 10 |
| T1204.002 | Malicious File | 425 |
| T1505.003 | Web Shell | 63 |
| T1546.010 | AppInit DLLs | 2 |
| T1547.001 | Registry Run Keys / Startup Folder | 53 |
| T1547.009 | Shortcut Modification | 6 |
| T1553.006 | Code Signing Policy Modification | 2 |
| T1555 | Credentials from Password Stores | 40 |
| T1560.001 | Archive via Utility | 26 |
| T1566.001 | Spearphishing Attachment | 905 |
| T1566.002 | Spearphishing Link | 904 |
| T1569.002 | Service Execution | 64 |
| T1588.002 | Tool | 13 |