Description
[WIRTE](https://attack.mitre.org/groups/G0090) is a threat group that has been active since at least August 2018. [WIRTE](https://attack.mitre.org/groups/G0090) has targeted government, diplomatic, financial, military, legal, and technology organizations in the Middle East and Europe. (Citation: Lab52 WIRTE Apr 2019) (Citation: Kaspersky WIRTE November 2021)
Techniques Used (TTPs)
- T1059.001 — PowerShell (execution)
- T1571 — Non-Standard Port (command-and-control)
- T1059.005 — Visual Basic (execution)
- T1204.002 — Malicious File (execution)
- T1140 — Deobfuscate/Decode Files or Information (defense-evasion)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1036.005 — Match Legitimate Resource Name or Location (defense-evasion)
- T1588.002 — Tool (resource-development)
- T1071.001 — Web Protocols (command-and-control)
- T1218.010 — Regsvr32 (defense-evasion)
- T1105 — Ingress Tool Transfer (command-and-control)
Total TTPs: 11