CURIUM
CURIUM, Crimson Sandstorm, TA456, Tortoise Shell, Yellow Liderc
[CURIUM](https://attack.mitre.org/groups/G1012) is an Iranian threat group, first reported in September 2019 and active since at least July 2018, targeting IT service providers in the Middle East.(Citation: Symantec Tortoiseshell 2019) [CURIUM](https://attack.mitre.org/groups/G1012) has since invested in building relationships with potential targets via social media over a period of months to establish trust and confidence before sending malware. Security researchers note [CURIUM](https://attack.mitre.org/groups/G1012) has demonstrated great patience and persistence by chatting with potential ...
Techniques: 19
Covered: 12
Gaps: 7
Coverage: 63% (12/19)
GAPS (7)
COVERED (12)
T1005 Data from Local System (46 det.)
T1041 Exfiltration Over C2 Channel (30 det.)
T1059.001 PowerShell (338 det.)
T1082 System Information Discovery (80 det.)
T1124 System Time Discovery (4 det.)
T1189 Drive-by Compromise (10 det.)
T1204.002 Malicious File (397 det.)
T1505.003 Web Shell (57 det.)
T1566.001 Spearphishing Attachment (850 det.)
T1566.003 Spearphishing via Service (85 det.)
T1583.001 Domains (61 det.)
T1598.003 Spearphishing Link (271 det.)