Storm-0501

Techniques (MITRE ATT&CK)42

SourceMITRE ATT&CK

Vexday analysis

Storm-0501 é um grupo cibercriminoso com motivação financeira ativo desde 2021, especializado em operações de ransomware com uso de ferramentas de código aberto e commodities. O grupo possui histórico de afiliação com múltiplas plataformas de Ransomware-as-a-Service (RaaS), incluindo Sabbath, Hive, BlackCat, Hunters International, LockBit 3.0 e Embargo. Catalogado no MITRE ATT&CK sob o identificador G1053, tem 42 técnicas documentadas e 7 CVEs atribuídas a seu repertório de exploração.

Techniques (MITRE ATT&CK) 42

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Digital Certificates Vulnerabilities

Initial access

Exploit Public-Facing Application

Execution

Scheduled Task PowerShell Cloud API

Persistence

Additional Cloud Credentials Additional Cloud Roles

Credential access

OS Credential Dumping DCSync Brute Force Private Keys Password Managers Cloud Secrets Management Stores

Discovery

Process Discovery System Information Discovery Domain Account Cloud Account Domain Trust Discovery Security Software Discovery Cloud Service Discovery Cloud Infrastructure Discovery System Language Discovery

Lateral movement

Windows Remote Management Cloud Services

Collection

Data from Cloud Storage

Command and control

Remote Desktop Software

Exfiltration

Transfer Data to Cloud Account Exfiltration to Cloud Storage

Impact

Data Destruction Data Encrypted for Impact Inhibit System Recovery Financial Theft

defense-impairment

Group Policy Modification Trust Modification Conditional Access Policies Delete Cloud Instance

stealth

Software Packing Masquerade Task or Service Cloud Accounts Regsvr32 Rundll32

Exploited vulnerabilities 7

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2023-4966CRITICALEPSS 100%KEV CVE-2023-29300CRITICALEPSS 100%KEV CVE-2014-7169CRITICALEPSS 100%KEV CVE-2022-47966CRITICALEPSS 100%KEV CVE-2023-38203CRITICALEPSS 97%KEV CVE-2016-6662EPSS 68%CVE-2019-3610MEDIUMEPSS 0%

Storm-0501 uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →