Storm-0501
[Storm-0501](https://attack.mitre.org/groups/G1053) is a financially motivated cyber criminal group that uses commodity and open-source tools to conduct ransomware operations. [Storm-0501](https://attack.mitre.org/groups/G1053) has been active since 2021 and has previously been affiliated with Sabbath Ransomware and other Ransomware-as-a-Service (RaaS) variants such as Hive, [BlackCat](https://attack.mitre.org/software/S1068), Hunters International, [LockBit 3.0](https://attack.mitre.org/software/S1202), and [Embargo](https://attack.mitre.org/software/S1247) ransomware.(Citation: Avertium Stor...
Techniques: 42 | Covered: 41 | Gaps: 1 | Coverage: 98% (41/42)
GAPS (1)
COVERED (41)
| Technique | Name | Detections |
|---|---|---|
| T1003 | OS Credential Dumping | 113 |
| T1003.006 | DCSync | 16 |
| T1021.006 | Windows Remote Management | 22 |
| T1021.007 | Cloud Services | 12 |
| T1027.002 | Software Packing | 1 |
| T1036.004 | Masquerade Task or Service | 7 |
| T1053.005 | Scheduled Task | 99 |
| T1057 | Process Discovery | 20 |
| T1059.001 | PowerShell | 368 |
| T1059.009 | Cloud API | 6 |
| T1078.004 | Cloud Accounts | 167 |
| T1082 | System Information Discovery | 86 |
| T1087.002 | Domain Account | 57 |
| T1087.004 | Cloud Account | 17 |
| T1098.001 | Additional Cloud Credentials | 24 |
| T1098.003 | Additional Cloud Roles | 53 |
| T1110 | Brute Force | 90 |
| T1190 | Exploit Public-Facing Application | 216 |
| T1218.010 | Regsvr32 | 43 |
| T1218.011 | Rundll32 | 75 |
| T1219.002 | Remote Desktop Software | 50 |
| T1482 | Domain Trust Discovery | 41 |
| T1484.001 | Group Policy Modification | 19 |
| T1484.002 | Trust Modification | 14 |
| T1485 | Data Destruction | 91 |
| T1486 | Data Encrypted for Impact | 360 |
| T1490 | Inhibit System Recovery | 59 |
| T1518.001 | Security Software Discovery | 10 |
| T1526 | Cloud Service Discovery | 27 |
| T1530 | Data from Cloud Storage | 32 |
| T1537 | Transfer Data to Cloud Account | 26 |
| T1552.004 | Private Keys | 22 |
| T1555.005 | Password Managers | 4 |
| T1555.006 | Cloud Secrets Management Stores | 8 |
| T1556.009 | Conditional Access Policies | 4 |
| T1567.002 | Exfiltration to Cloud Storage | 29 |
| T1578.003 | Delete Cloud Instance | 1 |
| T1580 | Cloud Infrastructure Discovery | 26 |
| T1587.003 | Digital Certificates | 1 |
| T1614.001 | System Language Discovery | 2 |
| T1657 | Financial Theft | 14 |