ToddyCat
[ToddyCat](https://attack.mitre.org/groups/G1022) is a sophisticated threat group that has been active since at least 2020 using custom loaders and malware in multi-stage infection chains against government and military targets across Europe and Asia.(Citation: Kaspersky ToddyCat June 2022)(Citation: Kaspersky ToddyCat Check Logs October 2023)
Techniques: 25 | Covered: 24 | Gaps: 1 | Coverage: 96% (24/25)
COVERED (24)
- T1005 Data from Local System, 46 det.
- T1018 Remote System Discovery, 46 det.
- T1021.002 SMB/Windows Admin Shares, 67 det.
- T1036.005 Match Legitimate Resource Name or Location, 44 det.
- T1047 Windows Management Instrumentation, 85 det.
- T1049 System Network Connections Discovery, 21 det.
- T1053.005 Scheduled Task, 82 det.
- T1057 Process Discovery, 18 det.
- T1059.001 PowerShell, 338 det.
- T1059.003 Windows Command Shell, 79 det.
- T1069.002 Domain Groups, 42 det.
- T1074.002 Remote Data Staging, 3 det.
- T1078.002 Domain Accounts, 26 det.
- T1083 File and Directory Discovery, 48 det.
- T1087.002 Domain Account, 55 det.
- T1095 Non-Application Layer Protocol, 23 det.
- T1106 Native API, 27 det.
- T1190 Exploit Public-Facing Application, 208 det.
- T1518.001 Security Software Discovery, 8 det.
- T1560.001 Archive via Utility, 24 det.
- T1562.004 Disable or Modify System Firewall, 45 det.
- T1564.003 Hidden Window, 11 det.
- T1566.003 Spearphishing via Service, 85 det.
- T1567.002 Exfiltration to Cloud Storage, 27 det.