← Back to Actors
Velvet Ant
Velvet Ant
[Velvet Ant](https://attack.mitre.org/groups/G1047) is a threat actor operating since at least 2021. [Velvet Ant](https://attack.mitre.org/groups/G1047) is associated with complex persistence mechanisms, the targeting of network devices and appliances during operations, and the use of zero day exploits.(Citation: Sygnia VelvetAnt 2024A)(Citation: Sygnia VelvetAnt 2024B)
24
Techniques
24
Covered
0
Gaps
100%
Coverage
Coverage24/24
COVERED (24)
T1021.002SMB/Windows Admin Shares74 det.T1036.005Match Legitimate Resource Name or Location45 det.T1037.004RC Scripts11 det.T1040Network Sniffing15 det.T1047Windows Management Instrumentation88 det.T1049System Network Connections Discovery22 det.T1055Process Injection81 det.T1059.004Unix Shell165 det.T1071Application Layer Protocol112 det.T1078.003Local Accounts23 det.T1083File and Directory Discovery48 det.T1090.001Internal Proxy10 det.T1132Data Encoding1 det.T1133External Remote Services74 det.T1211Exploitation for Stealth6 det.T1562.001Disable or Modify Tools316 det.T1562.004Disable or Modify System Firewall48 det.T1569.002Service Execution64 det.T1570Lateral Tool Transfer23 det.T1571Non-Standard Port17 det.T1573.002Asymmetric Cryptography6 det.T1574.001DLL111 det.T1685Disable or Modify Tools279 det.T1686Disable or Modify System Firewall19 det.