Description
[Dark Caracal](https://attack.mitre.org/groups/G0070) is a threat group that has been attributed to the Lebanese General Directorate of General Security (GDGS) and has operated since at least 2012. (Citation: Lookout Dark Caracal Jan 2018)
Techniques Used (TTPs)
- T1027.013 — Encrypted/Encoded File (defense-evasion)
- T1059.003 — Windows Command Shell (execution)
- T1071.001 — Web Protocols (command-and-control)
- T1204.002 — Malicious File (execution)
- T1027.002 — Software Packing (defense-evasion)
- T1218.001 — Compiled HTML File (defense-evasion)
- T1189 — Drive-by Compromise (initial-access)
- T1547.001 — Registry Run Keys / Startup Folder (persistence, privilege-escalation)
- T1083 — File and Directory Discovery (discovery)
- T1566.003 — Spearphishing via Service (initial-access)
- T1005 — Data from Local System (collection)
- T1113 — Screen Capture (collection)
Total TTPs: 12