Agrius

OriginIrã

Techniques (MITRE ATT&CK)22

SourceMITRE ATT&CK

Also known as:Pink SandstormAMERICIUMAgonizing SerpensBlackShadow

Vexday analysis

Agrius é um agente de ameaça iraniano ativo desde 2020, notório por conduzir operações com ransomware e wipers no Oriente Médio, com ênfase em alvos israelenses. Relatórios públicos associam o grupo ao Ministério de Inteligência e Segurança do Irã (MOIS). Rastreado pelo MITRE ATT&CK sob o identificador G1030, o grupo é também conhecido pelos aliases Pink Sandstorm, AMERICIUM, Agonizing Serpens e BlackShadow, com 22 técnicas documentadas na matriz ATT&CK e 3 CVEs atribuídas à sua atuação.

Techniques (MITRE ATT&CK) 22

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Acquire Infrastructure

Initial access

Exploit Public-Facing Application

Execution

Windows Command Shell

Persistence

Web Shell Windows Service

Credential access

LSASS Memory Security Account Manager Brute Force Password Spraying

Discovery

Remote System Discovery Network Service Discovery

Lateral movement

Remote Desktop Protocol Lateral Tool Transfer

Collection

Data from Local System Local Data Staging Automated Collection Archive via Utility

Exfiltration

Exfiltration Over C2 Channel

defense-impairment

Disable or Modify Tools

stealth

Masquerading Domain Accounts Deobfuscate/Decode Files or Information

Exploited vulnerabilities 3

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2018-13379CRITICALEPSS 100%KEV CVE-2014-7169CRITICALEPSS 100%KEV CVE-2016-6662EPSS 68%

Agrius uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →