Patchwork
Patchwork, Hangover Group, Dropping Elephant, Chinastrats, MONSOON, Operation Hangover
[Patchwork](https://attack.mitre.org/groups/G0040) is a cyber espionage group that was first observed in December 2015. While the group has not been definitively attributed, circumstantial evidence suggests the group may be a pro-Indian or Indian entity. [Patchwork](https://attack.mitre.org/groups/G0040) has been seen targeting industries related to diplomatic and government agencies. Much of the code used by this group was copied and pasted from online forums. [Patchwork](https://attack.mitre.org/groups/G0040) was also seen operating spearphishing campaigns targeting U.S. think tank groups in...
- Techniques: 41
- Covered: 40
- Gaps: 1
- Coverage: 98% (40/41)
GAPS (1)
COVERED (40)
- T1005 Data from Local System (46 det.)
- T1021.001 Remote Desktop Protocol (51 det.)
- T1027.001 Binary Padding (3 det.)
- T1027.002 Software Packing (1 det.)
- T1027.005 Indicator Removal from Tools (6 det.)
- T1027.010 Command Obfuscation (31 det.)
- T1033 System Owner/User Discovery (59 det.)
- T1036.005 Match Legitimate Resource Name or Location (44 det.)
- T1053.005 Scheduled Task (82 det.)
- T1055.012 Process Hollowing (8 det.)
- T1059.001 PowerShell (338 det.)
- T1059.003 Windows Command Shell (79 det.)
- T1059.005 Visual Basic (66 det.)
- T1070.004 File Deletion (40 det.)
- T1074.001 Local Data Staging (10 det.)
- T1082 System Information Discovery (80 det.)
- T1083 File and Directory Discovery (48 det.)
- T1102.001 Dead Drop Resolver (7 det.)
- T1105 Ingress Tool Transfer (170 det.)
- T1112 Modify Registry (197 det.)
- T1119 Automated Collection (11 det.)
- T1132.001 Standard Encoding (5 det.)
- T1189 Drive-by Compromise (10 det.)
- T1197 BITS Jobs (23 det.)
- T1203 Exploitation for Client Execution (71 det.)
- T1204.001 Malicious Link (9 det.)
- T1204.002 Malicious File (397 det.)
- T1518.001 Security Software Discovery (8 det.)
- T1547.001 Registry Run Keys / Startup Folder (50 det.)
- T1548.002 Bypass User Account Control (83 det.)
- T1553.002 Code Signing (3 det.)
- T1555.003 Credentials from Web Browsers (15 det.)
- T1559.002 Dynamic Data Exchange (1 det.)
- T1560 Archive Collected Data (11 det.)
- T1566.001 Spearphishing Attachment (850 det.)
- T1566.002 Spearphishing Link (837 det.)
- T1574.001 DLL (106 det.)
- T1587.002 Code Signing Certificates (1 det.)
- T1588.002 Tool (13 det.)
- T1598.003 Spearphishing Link (271 det.)