← Back to Actors
Velvet Ant
Velvet Ant
[Velvet Ant](https://attack.mitre.org/groups/G1047) is a threat actor operating since at least 2021. [Velvet Ant](https://attack.mitre.org/groups/G1047) is associated with complex persistence mechanisms, the targeting of network devices and appliances during operations, and the use of zero day exploits.(Citation: Sygnia VelvetAnt 2024A)(Citation: Sygnia VelvetAnt 2024B)
24
Techniques
24
Covered
0
Gaps
100%
Coverage
Coverage24/24
COVERED (24)
T1021.002SMB/Windows Admin Shares73 det.T1036.005Match Legitimate Resource Name or Location44 det.T1037.004RC Scripts11 det.T1040Network Sniffing15 det.T1047Windows Management Instrumentation87 det.T1049System Network Connections Discovery22 det.T1055Process Injection79 det.T1059.004Unix Shell155 det.T1071Application Layer Protocol104 det.T1078.003Local Accounts23 det.T1083File and Directory Discovery48 det.T1090.001Internal Proxy10 det.T1132Data Encoding1 det.T1133External Remote Services72 det.T1211Exploitation for Stealth6 det.T1562.001Disable or Modify Tools311 det.T1562.004Disable or Modify System Firewall48 det.T1569.002Service Execution64 det.T1570Lateral Tool Transfer22 det.T1571Non-Standard Port16 det.T1573.002Asymmetric Cryptography6 det.T1574.001DLL109 det.T1685Disable or Modify Tools278 det.T1686Disable or Modify System Firewall19 det.