"hosted on cloud storage. delivered to target after initial lure pdf. 37c52481711631a5c73a6341bd8bea302ad57f02199db7624b580058547fb5a9 spica backdoor. named “proton-decrypter.exe”. c97acea1a6ef59d58a498f1e1f0e0648d6979c4325de3ee726038df1fc2e831d lure document, likely to provi…"
T1566.001 Spearphishing Attachment
87%
"rapport with the target, increasing the likelihood of the phishing campaign's success, and eventually sends a phishing link or document containing a link. recently published information on coldriver highlights the group's evolving tactics, techniques and procedures (ttps), …"
T1566.002 Spearphishing Link
86%
"rapport with the target, increasing the likelihood of the phishing campaign's success, and eventually sends a phishing link or document containing a link. recently published information on coldriver highlights the group's evolving tactics, techniques and procedures (ttps), …"
T1204.002 Malicious File
75%
"functionality of this command is unclear once executed, spica decodes an embedded pdf, writes it to disk, and opens it as a decoy for the user. in the background, it establishes persistence and starts the main c2 loop, waiting for commands to execute. the backdoor establishes per…"
T1566.002 Spearphishing Link
40%
"russian threat group coldriver expands its targeting of western officials to include the use of malware russian threat group coldriver expands its targeting of western officials to include the use of malware over the years, tag has analyzed a range of persistent threats including…"
T1204.002 Malicious File
38%
"##5baeb2ee1 (first observed november 2022) a949ec428116489f5e77cefc67fea475017e0f50d2289e17c3eb053072adcf24 (first observed june 2023) c97acea1a6ef59d58a498f1e1f0e0648d6979c4325de3ee726038df1fc2e831d (first observed august 2023) ac270310b5410e7430fe7e36a079525cd8724b002b38e…"
T1598.002 Spearphishing Attachment
32%
"rapport with the target, increasing the likelihood of the phishing campaign's success, and eventually sends a phishing link or document containing a link. recently published information on coldriver highlights the group's evolving tactics, techniques and procedures (ttps), …"