← Back to Actors
Winter Vivern
Winter VivernTA473UAC-0114
Winter Vivern is a group linked to Russian and Belorussian interests active since at least 2020 targeting various European government and NGO entities, along with sporadic targeting of Indian and US victims. The group leverages a combination of document-based phishing activity and server-side exploitation for initial access, leveraging adversary-controlled and -created infrastructure for follow-on command and control.(Citation: DomainTools WinterVivern 2021)(Citation: SentinelOne WinterVivern 2023)(Citation: CERT-UA WinterVivern 2023)(Citation: ESET WinterVivern 2023)(Citation: Proofpoint Wint...
27
Techniques
24
Covered
3
Gaps
89%
Coverage
Coverage24/27
COVERED (24)
T1020Automated Exfiltration20 det.T1033System Owner/User Discovery61 det.T1036Masquerading572 det.T1036.004Masquerade Task or Service7 det.T1041Exfiltration Over C2 Channel32 det.T1053.005Scheduled Task100 det.T1059Command and Scripting Interpreter514 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1059.007JavaScript63 det.T1071.001Web Protocols81 det.T1082System Information Discovery86 det.T1083File and Directory Discovery48 det.T1105Ingress Tool Transfer184 det.T1113Screen Capture18 det.T1114.001Local Email Collection11 det.T1119Automated Collection12 det.T1140Deobfuscate/Decode Files or Information58 det.T1189Drive-by Compromise10 det.T1190Exploit Public-Facing Application227 det.T1204.001Malicious Link11 det.T1566.001Spearphishing Attachment979 det.T1583.001Domains62 det.T1595.002Vulnerability Scanning13 det.