Description
[Gorgon Group](https://attack.mitre.org/groups/G0078) is a threat group consisting of members who are suspected to be Pakistan-based or have other connections to Pakistan. The group has performed a mix of criminal and targeted attacks, including campaigns against government organizations in the United Kingdom, Spain, Russia, and the United States. (Source: Unit 42, Gorgon Group, Aug 2018)
Techniques Used (TTPs)
- T1055.012 — Process Hollowing (defense-evasion, privilege-escalation)
- T1140 — Deobfuscate/Decode Files or Information (defense-evasion)
- T1106 — Native API (execution)
- T1547.001 — Registry Run Keys / Startup Folder (persistence, privilege-escalation)
- T1059.001 — PowerShell (execution)
- T1059.003 — Windows Command Shell (execution)
- T1105 — Ingress Tool Transfer (command-and-control)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1564.003 — Hidden Window (defense-evasion)
- T1055.002 — Portable Executable Injection (defense-evasion, privilege-escalation)
- T1562.001 — Disable or Modify Tools (defense-evasion)
- T1112 — Modify Registry (defense-evasion, persistence)
- T1547.009 — Shortcut Modification (persistence, privilege-escalation)
- T1204.002 — Malicious File (execution)
- T1588.002 — Tool (resource-development)
- T1059.005 — Visual Basic (execution)
Total TTPs: 16