Description
[Sowbug](https://attack.mitre.org/groups/G0054) is a threat group that has conducted targeted attacks against organizations in South America and Southeast Asia, particularly government entities, since at least 2015. (Citation: Symantec Sowbug Nov 2017)
Techniques Used (TTPs)
- T1083 — File and Directory Discovery (discovery)
- T1039 — Data from Network Shared Drive (collection)
- T1560.001 — Archive via Utility (collection)
- T1059.003 — Windows Command Shell (execution)
- T1056.001 — Keylogging (collection, credential-access)
- T1135 — Network Share Discovery (discovery)
- T1036.005 — Match Legitimate Resource Name or Location (defense-evasion)
- T1003 — OS Credential Dumping (credential-access)
- T1082 — System Information Discovery (discovery)
Total TTPs: 9
Malware & Tools
Malware: Felismus, Starloader