Dragonfly
Dragonfly, TEMP.Isotope, DYMALLOY, Berserk Bear, TG-4192, Crouching Yeti, IRON LIBERTY, Energetic Bear, Ghost Blizzard, BROMINE
[Dragonfly](https://attack.mitre.org/groups/G0035) is a cyber espionage group that has been attributed to Russia's Federal Security Service (FSB) Center 16.(Citation: DOJ Russia Targeting Critical Infrastructure March 2022)(Citation: UK GOV FSB Factsheet April 2022) Active since at least 2010, [Dragonfly](https://attack.mitre.org/groups/G0035) has targeted defense and aviation companies, government entities, companies related to industrial control systems, and critical infrastructure sectors worldwide through supply chain, spearphishing, and drive-by compromise attacks.(Citation: Symantec Drag...
Techniques: 56
Covered: 51
Gaps: 5
Coverage: 91% (51/56)
COVERED (51)
- T1003.002 Security Account Manager (45 det.)
- T1003.003 NTDS (34 det.)
- T1003.004 LSA Secrets (16 det.)
- T1005 Data from Local System (46 det.)
- T1012 Query Registry (22 det.)
- T1016 System Network Configuration Discovery (35 det.)
- T1018 Remote System Discovery (46 det.)
- T1021.001 Remote Desktop Protocol (51 det.)
- T1033 System Owner/User Discovery (59 det.)
- T1053.005 Scheduled Task (82 det.)
- T1059 Command and Scripting Interpreter (462 det.)
- T1059.001 PowerShell (338 det.)
- T1059.003 Windows Command Shell (79 det.)
- T1059.006 Python (43 det.)
- T1069.002 Domain Groups (42 det.)
- T1070.001 Clear Windows Event Logs (15 det.)
- T1070.004 File Deletion (40 det.)
- T1071.002 File Transfer Protocols (1 det.)
- T1074.001 Local Data Staging (10 det.)
- T1078 Valid Accounts (252 det.)
- T1083 File and Directory Discovery (48 det.)
- T1087.002 Domain Account (55 det.)
- T1098.007 Additional Local or Domain Groups (9 det.)
- T1105 Ingress Tool Transfer (170 det.)
- T1110 Brute Force (85 det.)
- T1110.002 Password Cracking (2 det.)
- T1112 Modify Registry (197 det.)
- T1113 Screen Capture (17 det.)
- T1114.002 Remote Email Collection (18 det.)
- T1133 External Remote Services (72 det.)
- T1135 Network Share Discovery (16 det.)
- T1136.001 Local Account (42 det.)
- T1187 Forced Authentication (21 det.)
- T1189 Drive-by Compromise (10 det.)
- T1190 Exploit Public-Facing Application (208 det.)
- T1195.002 Compromise Software Supply Chain (23 det.)
- T1203 Exploitation for Client Execution (71 det.)
- T1204.002 Malicious File (397 det.)
- T1210 Exploitation of Remote Services (33 det.)
- T1221 Template Injection (1 det.)
- T1505.003 Web Shell (57 det.)
- T1547.001 Registry Run Keys / Startup Folder (50 det.)
- T1560 Archive Collected Data (11 det.)
- T1562.004 Disable or Modify System Firewall (45 det.)
- T1564.002 Hidden Users (8 det.)
- T1566.001 Spearphishing Attachment (850 det.)
- T1583.001 Domains (61 det.)
- T1588.002 Tool (13 det.)
- T1595.002 Vulnerability Scanning (12 det.)
- T1598.002 Spearphishing Attachment (1 det.)
- T1598.003 Spearphishing Link (271 det.)