← Back to Actors
CURIUM
CURIUMCrimson SandstormTA456Tortoise ShellYellow Liderc
[CURIUM](https://attack.mitre.org/groups/G1012) is an Iranian threat group, first reported in September 2019 and active since at least July 2018, targeting IT service providers in the Middle East.(Citation: Symantec Tortoiseshell 2019) [CURIUM](https://attack.mitre.org/groups/G1012) has since invested in building relationships with potential targets via social media over a period of months to establish trust and confidence before sending malware. Security researchers note [CURIUM](https://attack.mitre.org/groups/G1012) has demonstrated great patience and persistence by chatting with potential ...
19
Techniques
12
Covered
7
Gaps
63%
Coverage
Coverage12/19
GAPS (7)
COVERED (12)
T1005Data from Local System47 det.T1041Exfiltration Over C2 Channel32 det.T1059.001PowerShell372 det.T1082System Information Discovery86 det.T1124System Time Discovery4 det.T1189Drive-by Compromise10 det.T1204.002Malicious File441 det.T1505.003Web Shell65 det.T1566.001Spearphishing Attachment979 det.T1566.003Spearphishing via Service96 det.T1583.001Domains62 det.T1598.003Spearphishing Link312 det.