Description
[Metador](https://attack.mitre.org/groups/G1013) is a suspected cyber espionage group that was first reported in September 2022. [Metador](https://attack.mitre.org/groups/G1013) has targeted a limited number of telecommunication companies, internet service providers, and universities in the Middle East and Africa. Security researchers named the group [Metador](https://attack.mitre.org/groups/G1013) based on the "I am meta" string in one of the group's malware samples and the expectation of Spanish-language responses from C2 servers. (Citation: SentinelLabs Metador Sept 2022)
Techniques Used (TTPs)
- T1071.001 — Web Protocols (command-and-control)
- T1059.003 — Windows Command Shell (execution)
- T1588.001 — Malware (resource-development)
- T1546.003 — Windows Management Instrumentation Event Subscription (privilege-escalation, persistence)
- T1027.013 — Encrypted/Encoded File (defense-evasion)
- T1070.004 — File Deletion (defense-evasion)
- T1095 — Non-Application Layer Protocol (command-and-control)
- T1588.002 — Tool (resource-development)
- T1105 — Ingress Tool Transfer (command-and-control)
Total TTPs: 9