← Back to Actors
Dragonfly
DragonflyTEMP.IsotopeDYMALLOYBerserk BearTG-4192Crouching YetiIRON LIBERTYEnergetic BearGhost BlizzardBROMINE
[Dragonfly](https://attack.mitre.org/groups/G0035) is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16.(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022) Active since at least 2010, [Dragonfly](https://attack.mitre.org/groups/G0035) has targeted defense and aviation companies, government entities, companies related to industrial control systems, and critical infrastructure sectors worldwide through supply chain, spearphishing, and drive-by compromise attacks.(Citation: Symantec Drag...
58
Techniques
53
Covered
5
Gaps
91%
Coverage
Coverage53/58
GAPS (5)
COVERED (53)
T1003.002Security Account Manager49 det.T1003.003NTDS36 det.T1003.004LSA Secrets18 det.T1005Data from Local System47 det.T1012Query Registry25 det.T1016System Network Configuration Discovery40 det.T1018Remote System Discovery51 det.T1021.001Remote Desktop Protocol53 det.T1033System Owner/User Discovery61 det.T1053.005Scheduled Task100 det.T1059Command and Scripting Interpreter514 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1059.006Python51 det.T1069.002Domain Groups44 det.T1070.001Clear Windows Event Logs16 det.T1070.004File Deletion43 det.T1071.002File Transfer Protocols1 det.T1074.001Local Data Staging10 det.T1078Valid Accounts297 det.T1083File and Directory Discovery48 det.T1087.002Domain Account57 det.T1098.007Additional Local or Domain Groups10 det.T1105Ingress Tool Transfer184 det.T1110Brute Force90 det.T1110.002Password Cracking2 det.T1112Modify Registry203 det.T1113Screen Capture18 det.T1114.002Remote Email Collection18 det.T1133External Remote Services74 det.T1135Network Share Discovery20 det.T1136.001Local Account43 det.T1187Forced Authentication23 det.T1189Drive-by Compromise10 det.T1190Exploit Public-Facing Application227 det.T1195.002Compromise Software Supply Chain23 det.T1203Exploitation for Client Execution79 det.T1204.002Malicious File441 det.T1210Exploitation of Remote Services35 det.T1221Template Injection1 det.T1505.003Web Shell65 det.T1547.001Registry Run Keys / Startup Folder53 det.T1560Archive Collected Data12 det.T1562.004Disable or Modify System Firewall48 det.T1564.002Hidden Users8 det.T1566.001Spearphishing Attachment979 det.T1583.001Domains62 det.T1588.002Tool13 det.T1595.002Vulnerability Scanning13 det.T1598.002Spearphishing Attachment2 det.T1598.003Spearphishing Link312 det.T1685.005Clear Windows Event Logs12 det.T1686Disable or Modify System Firewall19 det.