Agrius (aka Agrius, Pink Sandstorm) · APT Atlas
Agrius
APT
IR · Iran
AKA: Pink Sandstorm · DEV-0227 · BlackShadow
Microsoft: AMERICIUM
Iranian destructive-attack cluster operating wipers under ransomware cover.
Targets: 2
Sectors: 13
Threat types: 1
GIRs covered: 0/480
Active since: 2020
Victimology
Geographic footprint · 2 countries
origin · Iran
targeted countries · 2
ASIA · 2: United Arab Emirates · Israel
Sectors targeted · 13 of 40
Government · 83 actors
Defense · 60 actors
Financial Services · 61 actors
Technology · 51 actors
Telecom · 57 actors
Education & Research · 50 actors
Media & Journalism · 41 actors
Transportation · 25 actors
Logistics · 18 actors
Transport & Logistics · 6 actors
Consulting / Professional Services · 26 actors
Industrials / Engineering · 23 actors
Maritime · 21 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
DIS · Disinformation
MITRE ATT&CK · 19 techniques
Resource Development · 1
T1583 · Acquire Infrastructure
Initial Access · 1
T1190 · Exploit Public-Facing Application
Execution · 1
T1059.003 · Windows Command Shell
Persistence · 1
T1543.003 · Windows Service
Credential Access · 3
T1003.001 · LSASS Memory
Discovery · 2
T1018 · Remote System Discovery
T1046 · Network Service Discovery
Lateral Movement · 2
T1021.001 · Remote Desktop Protocol
T1570 · Lateral Tool Transfer
Collection · 3
T1005 · Data from Local System
T1119 · Automated Collection
Exfiltration · 1
T1041 · Exfiltration Over C2 Channel
Defense Impairment · 1
T1685 · Disable or Modify Tools
Stealth · 3
T1036 · Masquerading
T1078.002 · Domain Accounts
GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011
T1003.002 · Security Account Manager
T1110 · Brute Force
T1560.001 · Archive via Utility
T1140 · Deobfuscate/Decode Files or Information