EXPLORE
Sign In
← Back to Actors

Storm-0501

Storm-0501

[Storm-0501](https://attack.mitre.org/groups/G1053) is a financially motivated cyber criminal group that uses commodity and open-source tools to conduct ransomware operations. [Storm-0501](https://attack.mitre.org/groups/G1053) has been active since 2021 and has previously been affiliated with Sabbath Ransomware and other Ransomware-as-a-Service (RaaS) variants such as Hive, [BlackCat](https://attack.mitre.org/software/S1068), Hunters International, [LockBit 3.0](https://attack.mitre.org/software/S1202), and [Embargo](https://attack.mitre.org/software/S1247) ransomware.(Citation: Avertium Stor...

42
Techniques
41
Covered
1
Gaps
98%
Coverage
Coverage41/42

GAPS (1)

T1588.006Vulnerabilities

COVERED (41)

T1003OS Credential Dumping106 det.T1003.006DCSync14 det.T1021.006Windows Remote Management22 det.T1021.007Cloud Services10 det.T1027.002Software Packing1 det.T1036.004Masquerade Task or Service7 det.T1053.005Scheduled Task82 det.T1057Process Discovery18 det.T1059.001PowerShell338 det.T1059.009Cloud API5 det.T1078.004Cloud Accounts149 det.T1082System Information Discovery80 det.T1087.002Domain Account55 det.T1087.004Cloud Account13 det.T1098.001Additional Cloud Credentials24 det.T1098.003Additional Cloud Roles53 det.T1110Brute Force85 det.T1190Exploit Public-Facing Application208 det.T1218.010Regsvr3241 det.T1218.011Rundll3273 det.T1219.002Remote Desktop Software48 det.T1482Domain Trust Discovery38 det.T1484.001Group Policy Modification18 det.T1484.002Trust Modification14 det.T1485Data Destruction90 det.T1486Data Encrypted for Impact339 det.T1490Inhibit System Recovery56 det.T1518.001Security Software Discovery8 det.T1526Cloud Service Discovery23 det.T1530Data from Cloud Storage30 det.T1537Transfer Data to Cloud Account26 det.T1552.004Private Keys20 det.T1555.005Password Managers4 det.T1555.006Cloud Secrets Management Stores7 det.T1556.009Conditional Access Policies4 det.T1567.002Exfiltration to Cloud Storage27 det.T1578.003Delete Cloud Instance1 det.T1580Cloud Infrastructure Discovery24 det.T1587.003Digital Certificates1 det.T1614.001System Language Discovery2 det.T1657Financial Theft12 det.