EXPLORE
Sign In
← Back to Actors

RedCurl

RedCurl

[RedCurl](https://attack.mitre.org/groups/G1039) is a threat actor active since 2018 notable for corporate espionage targeting a variety of locations, including Ukraine, Canada and the United Kingdom, and a variety of industries, including but not limited to travel agencies, insurance companies, and banks.(Citation: group-ib_redcurl1) [RedCurl](https://attack.mitre.org/groups/G1039) is allegedly a Russian-speaking threat actor.(Citation: group-ib_redcurl1)(Citation: group-ib_redcurl2) The group’s operations typically start with spearphishing emails to gain initial access, then the group execut...

41
Techniques
39
Covered
2
Gaps
95%
Coverage
Coverage39/41

GAPS (2)

T1087.003Email AccountT1573.001Symmetric Cryptography

COVERED (39)

T1003.001LSASS Memory111 det.T1005Data from Local System47 det.T1020Automated Exfiltration20 det.T1027Obfuscated Files or Information561 det.T1036.005Match Legitimate Resource Name or Location44 det.T1039Data from Network Shared Drive6 det.T1046Network Service Discovery51 det.T1053.005Scheduled Task99 det.T1056.002GUI Input Capture5 det.T1059.001PowerShell368 det.T1059.003Windows Command Shell82 det.T1059.005Visual Basic68 det.T1059.006Python49 det.T1070.004File Deletion42 det.T1071.001Web Protocols80 det.T1080Taint Shared Content2 det.T1082System Information Discovery86 det.T1083File and Directory Discovery48 det.T1087.001Local Account33 det.T1087.002Domain Account57 det.T1102Web Service34 det.T1114.001Local Email Collection11 det.T1119Automated Collection12 det.T1199Trusted Relationship6 det.T1202Indirect Command Execution58 det.T1204.001Malicious Link10 det.T1204.002Malicious File425 det.T1218.011Rundll3275 det.T1537Transfer Data to Cloud Account26 det.T1547.001Registry Run Keys / Startup Folder53 det.T1552.001Credentials In Files61 det.T1552.002Credentials in Registry7 det.T1555.003Credentials from Web Browsers16 det.T1560.001Archive via Utility26 det.T1564.001Hidden Files and Directories25 det.T1566.001Spearphishing Attachment905 det.T1566.002Spearphishing Link904 det.T1573.002Asymmetric Cryptography6 det.T1587.001Malware10 det.