ToddyCat
[ToddyCat](https://attack.mitre.org/groups/G1022) is a sophisticated threat group that has been active since at least 2020 using custom loaders and malware in multi-stage infection chains against government and military targets across Europe and Asia.(Citation: Kaspersky ToddyCat June 2022)(Citation: Kaspersky ToddyCat Check Logs October 2023)
Techniques: 26 | Covered: 25 | Gaps: 1 | Coverage: 96% (25/26)
GAPS (1)
COVERED (25)
| ID | Technique | Det. |
|---|---|---|
| T1005 | Data from Local System | 47 |
| T1018 | Remote System Discovery | 50 |
| T1021.002 | SMB/Windows Admin Shares | 73 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1047 | Windows Management Instrumentation | 87 |
| T1049 | System Network Connections Discovery | 22 |
| T1053.005 | Scheduled Task | 99 |
| T1057 | Process Discovery | 20 |
| T1059.001 | PowerShell | 368 |
| T1059.003 | Windows Command Shell | 82 |
| T1069.002 | Domain Groups | 44 |
| T1074.002 | Remote Data Staging | 3 |
| T1078.002 | Domain Accounts | 28 |
| T1083 | File and Directory Discovery | 48 |
| T1087.002 | Domain Account | 57 |
| T1095 | Non-Application Layer Protocol | 23 |
| T1106 | Native API | 29 |
| T1190 | Exploit Public-Facing Application | 216 |
| T1518.001 | Security Software Discovery | 10 |
| T1560.001 | Archive via Utility | 26 |
| T1562.004 | Disable or Modify System Firewall | 48 |
| T1564.003 | Hidden Window | 11 |
| T1566.003 | Spearphishing via Service | 88 |
| T1567.002 | Exfiltration to Cloud Storage | 29 |
| T1686 | Disable or Modify System Firewall | 19 |