Velvet Ant

Techniques (MITRE ATT&CK)22

SourceMITRE ATT&CK

Vexday analysis

Velvet Ant é um agente de ameaça em atividade desde pelo menos 2021, associado ao uso de mecanismos complexos de persistência, à exploração de dispositivos e appliances de rede durante suas operações e ao emprego de exploits de dia zero. O grupo possui 22 técnicas documentadas no MITRE ATT&CK e 1 CVE atribuída.

Techniques (MITRE ATT&CK) 22

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Execution

Windows Management Instrumentation Unix Shell Service Execution

Persistence

RC Scripts External Remote Services

Credential access

Network Sniffing

Discovery

System Network Connections Discovery File and Directory Discovery

Lateral movement

SMB/Windows Admin Shares Lateral Tool Transfer

Command and control

Application Layer Protocol Internal Proxy Data Encoding Non-Standard Port Asymmetric Cryptography

defense-impairment

Disable or Modify Tools Disable or Modify System Firewall

stealth

Match Legitimate Resource Name or Location Process Injection Local Accounts Exploitation for Stealth DLL

Exploited vulnerabilities 1

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2024-20399MEDIUMEPSS 4%KEV

Velvet Ant uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →