← threatfilter.dev / all groups / The White Company
The White Company
Overview
The White Company is a likely state-sponsored threat actor with advanced capabilities. From 2017 through 2018, the group led an espionage campaign called Operation Shaheen targeting government and military organizations in Pakistan.
Capabilities
- Exploitation of public-facing / client applications — ATT&CK T1203
TTPs — 7 techniques across 4 tactics
Initial Access
-
T1566.001Spearphishing Attachment
Execution
-
T1203Exploitation for Client Execution -
T1204.002Malicious File
Stealth
-
T1027.002Software Packing -
T1070.004File Deletion
Discovery
-
T1124System Time Discovery -
T1518.001Security Software Discovery
Tools & malware (2)
Revenge RAT · NETWIRE
Reporting (1)
- Operation Shaheen — Livelli, K, et al