ToddyCat

Techniques (MITRE ATT&CK)25

SourceMITRE ATT&CK

Vexday analysis

ToddyCat é um grupo APT sofisticado, ativo desde pelo menos 2020, que utiliza carregadores e malwares personalizados em cadeias de infecção multiestágio contra alvos governamentais e militares na Europa e na Ásia. O grupo possui 25 técnicas documentadas no MITRE ATT&CK (identificador G1022) e é associado à exploração de 3 CVEs.

Techniques (MITRE ATT&CK) 25

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Initial access

Exploit Public-Facing Application Spearphishing via Service

Execution

Windows Management Instrumentation Scheduled Task PowerShell Windows Command Shell Native API

Discovery

Remote System Discovery System Network Connections Discovery Process Discovery Domain Groups File and Directory Discovery Domain Account Security Software Discovery Local Storage Discovery

Lateral movement

SMB/Windows Admin Shares

Collection

Data from Local System Remote Data Staging Archive via Utility

Command and control

Non-Application Layer Protocol

Exfiltration

Exfiltration to Cloud Storage

defense-impairment

Disable or Modify System Firewall

stealth

Match Legitimate Resource Name or Location Domain Accounts Hidden Window

Exploited vulnerabilities 3

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2021-26855CRITICALEPSS 100%KEV CVE-2014-7169CRITICALEPSS 100%KEV CVE-2016-6662EPSS 68%

ToddyCat uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →