TEMP.Veles
Also known as: XENOTIME
Overview
TEMP.Veles is a Russia-based threat group that has targeted critical infrastructure. The group has been observed utilizing TRITON, a malware framework designed to manipulate industrial safety systems.
Capabilities
- Documented tooling: TRISIS, custom credential harvesting — MISP galaxy (meta.capabilities)
Tools & malware (2)
Mimikatz · PsExec
Reporting (3)
- A XENOTIME to Remember: Veles in the Wild — Slowik, J.
- TRITON Actor TTP Profile, Custom Attack Tools, Detections, and ATT&CK Mapping — Miller, S., et al
- TRITON Appendix C — Miller, S., et al