APT33

OriginIrã

Techniques (MITRE ATT&CK)31

SourceMITRE ATT&CK

Also known as:HOLMIUMElfinPeach Sandstorm

Vexday analysis

Grupo de origem iraniana rastreado pelo MITRE ATT&CK como G0064, o APT33 — também conhecido como HOLMIUM, Elfin e Peach Sandstorm — conduz operações desde pelo menos 2013, tendo como alvos organizações nos Estados Unidos, Arábia Saudita e Coreia do Sul, com interesse particular nos setores de aviação e energia. Ao grupo são atribuídas 31 técnicas documentadas no framework MITRE ATT&CK e 4 CVEs conhecidas por sua exploração.

Techniques (MITRE ATT&CK) 31

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Tool

Initial access

Spearphishing Attachment Spearphishing Link

Execution

Scheduled Task PowerShell Visual Basic Exploitation for Client Execution Malicious Link Malicious File

Persistence

Registry Run Keys / Startup Folder

Privilege escalation

Exploitation for Privilege Escalation Windows Management Instrumentation Event Subscription

Credential access

LSASS Memory LSA Secrets Cached Domain Credentials Network Sniffing Password Spraying Credentials In Files Group Policy Preferences Credentials from Password Stores Credentials from Web Browsers

Collection

Archive via Utility

Command and control

Web Protocols Ingress Tool Transfer Standard Encoding Non-Standard Port Symmetric Cryptography

Exfiltration

Exfiltration Over Unencrypted Non-C2 Protocol

stealth

Encrypted/Encoded File Valid Accounts Cloud Accounts

Exploited vulnerabilities 4

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2018-20250HIGHEPSS 96%KEV CVE-2017-0213HIGHEPSS 84%KEV CVE-2014-6352HIGHEPSS 78%KEV CVE-2017-11774HIGHEPSS 60%KEV

APT33 uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →