Group5
Overview
Group5 is a threat group with a suspected Iranian nexus, though this attribution is not definite. The group has targeted individuals connected to the Syrian opposition via spearphishing and watering holes, normally using Syrian and Iranian themes. Group5 has used two commonly available remote access tools (RATs), njRAT and NanoCore, as well as an Android RAT, DroidJack.
TTPs — 4 techniques across 2 tactics
Stealth
- T1027.013 Encrypted/Encoded File
- T1070.004 File Deletion
Collection
- T1056.001 Keylogging
- T1113 Screen Capture
Tools & malware (2)
njRAT · NanoCore
Reporting (1)
- Group5: Syria and the Iranian Connection — Scott-Railton, J., et al