Gallmaker
Overview
Gallmaker is a cyberespionage group that has targeted victims in the Middle East and has been active since at least December 2017. The group has mainly targeted victims in the defense, military, and government sectors.
TTPs — 6 techniques across 4 tactics
Initial Access
- T1566.001 Spearphishing Attachment
Execution
- T1059.001 PowerShell
- T1204.002 Malicious File
- T1559.002 Dynamic Data Exchange
Stealth
Collection
- T1560.001 Archive via Utility
Reporting (1)
- Gallmaker: New Attack Group Eschews Malware to Live off the Land — Symantec Security Response