APT34 (aka Crambus, IRN2) · APT Atlas
APT34
APT · IR · Iran
AKA: Crambus · IRN2 · ITG13 · EUROPIUM · OilRig · ATK40 · Earth Winona
CrowdStrike: HELIX KITTEN
Microsoft: Hazel Sandstorm
Secureworks: COBALT GYPSY
Targets: 21
Sectors: 12
Threat types: 1
GIRs covered: 0/480
Active since: 2014
Victimology
Geographic footprint · 21 countries
origin · Iran
targeted countries · 21
ASIA · 13: United Arab Emirates · Azerbaijan · Bahrain · Israel · Iraq · Jordan · Kuwait · Lebanon · Qatar · Saudi Arabia · Syria · Türkiye · Yemen
OCEANIA · 1: Australia
AMERICAS · 2: Colombia · United States
AFRICA · 3: Egypt · Mauritius · South Africa
EUROPE · 2: France · United Kingdom
Sectors targeted · 12 of 40
Government · 83 actors
Defense · 60 actors
Financial Services · 61 actors
Technology · 51 actors
Telecom · 57 actors
Energy / Utilities · 49 actors
Oil and Gas · 19 actors
Education & Research · 50 actors
Manufacturing (man) · 40 actors
Media & Journalism · 41 actors
Chemicals · 15 actors
Private Sector (generic) · 28 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
ESP · Espionage
MITRE ATT&CK · 55 techniques
Initial Access · 4
T1195 Supply Chain Compromise
T1566.001 Spearphishing Attachment
T1566.002 Spearphishing Link
T1566.003 Spearphishing via Service
Execution · 8
T1047 Windows Management Instrumentation
Persistence · 2
T1137.004 Outlook Home Page
Privilege Escalation · 1
T1068 Exploitation for Privilege Escalation
Credential Access · 8
T1003.001 LSASS Memory
Discovery · 10
T1007 System Service Discovery
T1012 Query Registry
Lateral Movement · 2
T1021.001 Remote Desktop Protocol
T1021.004 SSH
Collection · 5
T1005 Data from Local System
T1025 Data from Removable Media
T1113 Screen Capture
Exfiltration · 1
T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
Command And Control · 6
T1008 Fallback Channels
T1071.001 Web Protocols
T1071.004 DNS
Defense Impairment · 1
T1112 Modify Registry
Stealth · 7
T1036 Masquerading
T1036.005 Match Legitimate Resource Name or Location
T1070.004 File Deletion
GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011
T1053.005 Scheduled Task
T1059 Command and Scripting Interpreter
T1059.001 PowerShell
T1059.003 Windows Command Shell
T1059.005 Visual Basic
T1203 Exploitation for Client Execution
T1204.001 Malicious Link
T1543.003 Windows Service
T1003.004 LSA Secrets
T1003.005 Cached Domain Credentials
T1110 Brute Force
T1552.001 Credentials In Files
T1555 Credentials from Password Stores
T1555.003 Credentials from Web Browsers
T1555.004 Windows Credential Manager
T1016 System Network Configuration Discovery
T1033 System Owner/User Discovery
T1046 Network Service Discovery
T1049 System Network Connections Discovery
T1057 Process Discovery
T1069.001 Local Groups
T1120 Peripheral Device Discovery
T1201 Password Policy Discovery
T1115 Clipboard Data
T1119 Automated Collection
T1105 Ingress Tool Transfer
T1219 Remote Access Tools
T1573.002 Asymmetric Cryptography
T1078 Valid Accounts
T1078.002 Domain Accounts
T1140 Deobfuscate/Decode Files or Information
T1218.001 Compiled HTML File