← Back to Actors
ToddyCat
ToddyCat
[ToddyCat](https://attack.mitre.org/groups/G1022) is a sophisticated threat group that has been active since at least 2020 using custom loaders and malware in multi-stage infection chains against government and military targets across Europe and Asia.(Citation: Kaspersky ToddyCat June 2022)(Citation: Kaspersky ToddyCat Check Logs October 2023)
26
Techniques
25
Covered
1
Gaps
96%
Coverage
Coverage25/26
GAPS (1)
COVERED (25)
T1005Data from Local System47 det.T1018Remote System Discovery51 det.T1021.002SMB/Windows Admin Shares74 det.T1036.005Match Legitimate Resource Name or Location45 det.T1047Windows Management Instrumentation88 det.T1049System Network Connections Discovery22 det.T1053.005Scheduled Task100 det.T1057Process Discovery21 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1069.002Domain Groups44 det.T1074.002Remote Data Staging3 det.T1078.002Domain Accounts28 det.T1083File and Directory Discovery48 det.T1087.002Domain Account57 det.T1095Non-Application Layer Protocol24 det.T1106Native API29 det.T1190Exploit Public-Facing Application227 det.T1518.001Security Software Discovery10 det.T1560.001Archive via Utility26 det.T1562.004Disable or Modify System Firewall48 det.T1564.003Hidden Window11 det.T1566.003Spearphishing via Service96 det.T1567.002Exfiltration to Cloud Storage31 det.T1686Disable or Modify System Firewall19 det.