Description
[The White Company](https://attack.mitre.org/groups/G0089) is a likely state-sponsored threat actor with advanced capabilities. From 2017 through 2018, the group led an espionage campaign called Operation Shaheen targeting government and military organizations in Pakistan. (Citation: Cylance Shaheen Nov 2018)
Techniques Used (TTPs)
- T1027.002 — Software Packing (defense-evasion)
- T1518.001 — Security Software Discovery (discovery)
- T1203 — Exploitation for Client Execution (execution)
- T1070.004 — File Deletion (defense-evasion)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1204.002 — Malicious File (execution)
- T1124 — System Time Discovery (discovery)
Total TTPs: 7
Malware & Tools
Malware: NETWIRE, Revenge RAT