Leafminer
Also known as: Raspite
Overview
Leafminer is an Iranian threat group that has targeted government organizations and business entities in the Middle East since at least early 2017.
Targets
Energy
TTPs — 17 techniques across 8 tactics
Resource Development
- T1588.002 Tool
Initial Access
- T1189 Drive-by Compromise
Execution
- T1059.007 JavaScript
Persistence
- T1136.001 Local Account
Stealth
- T1027.010 Command Obfuscation
- T1055.013 Process Doppelgänging
Credential Access
- T1003.001 LSASS Memory
- T1003.004 LSA Secrets
- T1003.005 Cached Domain Credentials
- T1110.003 Password Spraying
- T1552.001 Credentials In Files
- T1555 Credentials from Password Stores
- T1555.003 Credentials from Web Browsers
Discovery
- T1018 Remote System Discovery
- T1046 Network Service Discovery
- T1083 File and Directory Discovery
Collection
- T1114.002 Remote Email Collection
Tools & malware (4)
LaZagne · Mimikatz · MailSniper · PsExec
Reporting (2)
- RASPITE — Dragos, Inc
- Leafminer: New Espionage Campaigns Targeting Middle Eastern Regions — Symantec Security Response