Description
[Rancor](https://attack.mitre.org/groups/G0075) is a threat group that has led targeted campaigns against the Southeast Asia region. [Rancor](https://attack.mitre.org/groups/G0075) uses politically motivated lures to entice victims to open malicious documents. (Citation: Rancor Unit42 June 2018)
Techniques Used (TTPs)
- T1071.001 — Web Protocols (command-and-control)
- T1059.005 — Visual Basic (execution)
- T1204.002 — Malicious File (execution)
- T1053.005 — Scheduled Task (execution, persistence, privilege-escalation)
- T1105 — Ingress Tool Transfer (command-and-control)
- T1218.007 — Msiexec (defense-evasion)
- T1546.003 — Windows Management Instrumentation Event Subscription (privilege-escalation, persistence)
- T1059.003 — Windows Command Shell (execution)
- T1566.001 — Spearphishing Attachment (initial-access)
Total TTPs: 9