Gorgon Group
Overview
Gorgon Group is a threat group consisting of members who are suspected to be Pakistan-based or have other connections to Pakistan. The group has performed a mix of criminal and targeted attacks, including campaigns against government organizations in the United Kingdom, Spain, Russia, and the United States.
TTPs — 16 techniques across 7 tactics
Resource Development
- T1588.002 Tool
Initial Access
- T1566.001 Spearphishing Attachment
Execution
- T1059.001 PowerShell
- T1059.003 Windows Command Shell
- T1059.005 Visual Basic
- T1106 Native API
- T1204.002 Malicious File
Persistence
- T1547.001 Registry Run Keys / Startup Folder
- T1547.009 Shortcut Modification
Stealth
- T1055.002 Portable Executable Injection
- T1055.012 Process Hollowing
- T1140 Deobfuscate/Decode Files or Information
- T1564.003 Hidden Window
Defense Impairment
- T1112 Modify Registry
- T1685 Disable or Modify Tools
Command and Control
- T1105 Ingress Tool Transfer
Tools & malware (4)
NanoCore · QuasarRAT · Remcos · njRAT
Reporting (1)
- The Gorgon Group: Slithering Between Nation State and Cybercrime — Falcone, R., et al.