Dark Caracal
Overview
Dark Caracal is a threat group that has been attributed to the Lebanese General Directorate of General Security (GDGS) and has operated since at least 2012.
Capabilities
- Custom malware/implant development — ATT&CK: 3 attributed custom malware families
TTPs — 12 techniques across 7 tactics
Initial Access
- T1189 Drive-by Compromise
- T1566.003 Spearphishing via Service
Execution
- T1059.003 Windows Command Shell
- T1204.002 Malicious File
Persistence
- T1547.001 Registry Run Keys / Startup Folder
Stealth
- T1027.002 Software Packing
- T1027.013 Encrypted/Encoded File
- T1218.001 Compiled HTML File
Discovery
Collection
- T1005 Data from Local System
- T1113 Screen Capture
Command and Control
- T1071.001 Web Protocols
Tools & malware (3)
FinFisher · CrossRAT · Bandook
Reporting (1)
- Dark Caracal: Cyber-espionage at a Global Scale — Blaich, A., et al.