DarkVishnya | APT Profile

Description

[DarkVishnya](https://attack.mitre.org/groups/G0105) is a financially motivated threat actor targeting financial institutions in Eastern Europe. In 2017-2018 the group attacked at least 8 banks in this region.(Citation: Securelist DarkVishnya Dec 2018)

Techniques Used (TTPs)

T1200 — Hardware Additions (initial-access)
T1588.002 — Tool (resource-development)
T1543.003 — Windows Service (persistence, privilege-escalation)
T1046 — Network Service Discovery (discovery)
T1135 — Network Share Discovery (discovery)
T1110 — Brute Force (credential-access)
T1219 — Remote Access Tools (command-and-control)
T1059.001 — PowerShell (execution)
T1040 — Network Sniffing (credential-access, discovery)
T1571 — Non-Standard Port (command-and-control)

Total TTPs: 10

Malware & Tools

Tools: PsExec, Winexe

← Return to Home ← Back to APT Search