Patchwork
Patchwork, Hangover Group, Dropping Elephant, Chinastrats, MONSOON, Operation Hangover
[Patchwork](https://attack.mitre.org/groups/G0040) is a cyber espionage group that was first observed in December 2015. While the group has not been definitively attributed, circumstantial evidence suggests the group may be a pro-Indian or Indian entity. [Patchwork](https://attack.mitre.org/groups/G0040) has been seen targeting industries related to diplomatic and government agencies. Much of the code used by this group was copied and pasted from online forums. [Patchwork](https://attack.mitre.org/groups/G0040) was also seen operating spearphishing campaigns targeting U.S. think tank groups in...
Techniques: 41
Covered: 40
Gaps: 1
Coverage: 98% (40/41)
GAPS (1)
COVERED (40)
- T1005 Data from Local System: 47 det.
- T1021.001 Remote Desktop Protocol: 53 det.
- T1027.001 Binary Padding: 3 det.
- T1027.002 Software Packing: 1 det.
- T1027.005 Indicator Removal from Tools: 6 det.
- T1027.010 Command Obfuscation: 38 det.
- T1033 System Owner/User Discovery: 61 det.
- T1036.005 Match Legitimate Resource Name or Location: 44 det.
- T1053.005 Scheduled Task: 99 det.
- T1055.012 Process Hollowing: 9 det.
- T1059.001 PowerShell: 368 det.
- T1059.003 Windows Command Shell: 82 det.
- T1059.005 Visual Basic: 68 det.
- T1070.004 File Deletion: 42 det.
- T1074.001 Local Data Staging: 10 det.
- T1082 System Information Discovery: 86 det.
- T1083 File and Directory Discovery: 48 det.
- T1102.001 Dead Drop Resolver: 7 det.
- T1105 Ingress Tool Transfer: 183 det.
- T1112 Modify Registry: 203 det.
- T1119 Automated Collection: 12 det.
- T1132.001 Standard Encoding: 5 det.
- T1189 Drive-by Compromise: 10 det.
- T1197 BITS Jobs: 25 det.
- T1203 Exploitation for Client Execution: 75 det.
- T1204.001 Malicious Link: 10 det.
- T1204.002 Malicious File: 425 det.
- T1518.001 Security Software Discovery: 10 det.
- T1547.001 Registry Run Keys / Startup Folder: 53 det.
- T1548.002 Bypass User Account Control: 84 det.
- T1553.002 Code Signing: 3 det.
- T1555.003 Credentials from Web Browsers: 16 det.
- T1559.002 Dynamic Data Exchange: 1 det.
- T1560 Archive Collected Data: 12 det.
- T1566.001 Spearphishing Attachment: 905 det.
- T1566.002 Spearphishing Link: 904 det.
- T1574.001 DLL: 109 det.
- T1587.002 Code Signing Certificates: 1 det.
- T1588.002 Tool: 13 det.
- T1598.003 Spearphishing Link: 285 det.