TA2541

Techniques (MITRE ATT&CK)28

SourceMITRE ATT&CK

Vexday analysis

TA2541 é um grupo cibercriminoso ativo desde pelo menos 2017, com histórico de ataques direcionados aos setores de aviação, aeroespacial, transporte, manufatura e defesa. Suas campanhas são tipicamente de alto volume e fazem uso de ferramentas de acesso remoto comerciais, ofuscadas por crypters, com temáticas relacionadas a aviação, transporte e viagens. O grupo é rastreado pelo MITRE ATT&CK sob o identificador G1018, com 28 técnicas documentadas associadas à sua atuação.

Techniques (MITRE ATT&CK) 28

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Domains Web Services Malware Tool Upload Malware

Initial access

Spearphishing Attachment Spearphishing Link

Execution

Windows Management Instrumentation Scheduled Task PowerShell Visual Basic Malicious Link Malicious File

Persistence

Registry Run Keys / Startup Folder

Discovery

Internet Connection Discovery System Information Discovery Security Software Discovery

Command and control

Ingress Tool Transfer Dynamic Resolution Asymmetric Cryptography

defense-impairment

Disable or Modify Tools

stealth

Software Packing Encrypted/Encoded File Compression Match Legitimate Resource Name or Location Process Injection Process Hollowing Mshta

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

TA2541 uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →