← Back to Actors
Velvet Ant
Velvet Ant
[Velvet Ant](https://attack.mitre.org/groups/G1047) is a threat actor operating since at least 2021. [Velvet Ant](https://attack.mitre.org/groups/G1047) is associated with complex persistence mechanisms, the targeting of network devices and appliances during operations, and the use of zero day exploits.(Citation: Sygnia VelvetAnt 2024A)(Citation: Sygnia VelvetAnt 2024B)
22
Techniques
22
Covered
0
Gaps
100%
Coverage
Coverage22/22
COVERED (22)
T1021.002SMB/Windows Admin Shares67 det.T1036.005Match Legitimate Resource Name or Location44 det.T1037.004RC Scripts11 det.T1040Network Sniffing15 det.T1047Windows Management Instrumentation85 det.T1049System Network Connections Discovery21 det.T1055Process Injection76 det.T1059.004Unix Shell149 det.T1071Application Layer Protocol100 det.T1078.003Local Accounts23 det.T1083File and Directory Discovery48 det.T1090.001Internal Proxy10 det.T1132Data Encoding1 det.T1133External Remote Services72 det.T1211Exploitation for Defense Evasion6 det.T1562.001Disable or Modify Tools300 det.T1562.004Disable or Modify System Firewall45 det.T1569.002Service Execution63 det.T1570Lateral Tool Transfer20 det.T1571Non-Standard Port16 det.T1573.002Asymmetric Cryptography6 det.T1574.001DLL106 det.