Description
[Machete](https://attack.mitre.org/groups/G0095) is a suspected Spanish-speaking cyber espionage group that has been active since at least 2010. It has operated primarily in Latin America, with a particular emphasis on Venezuela, but also in the US, Europe, Russia, and parts of Asia. [Machete](https://attack.mitre.org/groups/G0095) generally targets high-profile organizations such as government institutions, intelligence services, and military units, as well as telecommunications and power companies. (Citation: Cylance Machete Mar 2017) (Citation: Securelist Machete Aug 2014) (Citation: ESET Machete July 2019) (Citation: 360 Machete Sep 2020)
Techniques Used (TTPs)
- T1204.002 — Malicious File (execution)
- T1566.002 — Spearphishing Link (initial-access)
- T1059.003 — Windows Command Shell (execution)
- T1059.005 — Visual Basic (execution)
- T1059.006 — Python (execution)
- T1053.005 — Scheduled Task (execution, persistence, privilege-escalation)
- T1036.005 — Match Legitimate Resource Name or Location (defense-evasion)
- T1204.001 — Malicious Link (execution)
- T1189 — Drive-by Compromise (initial-access)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1218.007 — Msiexec (defense-evasion)
Total TTPs: 11
Malware & Tools
Malware: Machete