Storm-1811
Essential information
- Confidence: 100/100
- Published: 16/12/2025 19:39
- Modified: 27/03/2026 01:13
- Updated at: 27/03/2026 01:13
- Revoked: No
- Author / Source: The MITRE Corporation
- Resource level: —
- Primary motivation: —
- Related entities: 1 report, 40 attack patterns (MITRE), 5 malware, 12 indicators, 4 tools
Description
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
- 12 MITREs, 5 Malwares, 12 Observables, 1 APT · Published 16/05/2024 09:27 · Modified 16/05/2024 10:01
Attack patterns (MITRE) (40)
- T1059.001 PowerShell (uses)
- T1204.002 Malicious File (uses)
- T1583.001 Domains (uses)
- T1133 External Remote Services (uses)
- T1057 Process Discovery (uses)
- Impersonation (uses)
- T1048.002 Exfiltration Over Asymmetric Encrypted Non-C2 Protocol (uses)
- T1033 System Owner/User Discovery (uses)
- T1087.002 Domain Account (uses)
- T1074.001 Local Data Staging (uses)
- T1482 Domain Trust Discovery (uses)
- T1140 Deobfuscate/Decode Files or Information (uses)
- T1566.003 Spearphishing via Service (uses)
- Impersonation (uses)
- T1566.001 Spearphishing Attachment (uses)
- T1021.002 SMB/Windows Admin Shares (uses)
- T1570 Lateral Tool Transfer (uses)
- T1222.001 Windows File and Directory Permissions Modification (uses)
- T1059.007 JavaScript (uses)
- T1566.002 Spearphishing Link (uses)
- T1036 Masquerading (uses)
- T1059.003 Windows Command Shell (uses)
- T1105 Ingress Tool Transfer (uses)
- T1071.001 Web Protocols (uses)
- Spearphishing Voice (uses)
- T1059 Command and Scripting Interpreter (uses)
- T1574.001 DLL (uses)
- T1547.001 Registry Run Keys / Startup Folder (uses)
- Cloud Accounts (uses)
- T1486 Data Encrypted for Impact (uses)
- T1056 Input Capture (uses)
- Email Bombing (uses)
- T1588.002 Tool (uses)
- T1036.005 Match Legitimate Resource Name or Location (uses)
- T1218.005 Mshta (uses)
- T1021.004 SSH (uses)
- T1053.005 Scheduled Task (uses)
Malware (5)
- QakBot (uses; Family) · Published 30/05/2024 14:20 · Modified 30/05/2024 14:20
- Cobalt Strike (uses; Family) · Published 16/12/2024 14:25 · Modified 16/12/2024 14:25
- Black Basta (uses; Family) · The MITRE Corporation · Confidence 100
  [Black Basta](https://attack.mitre.org/software/S1070) is ransomware written in C++ that has been offered within the ransomware-as-a-service (RaaS) model since at least April 2022; there are variants that target Windows and …
  First seen 01/01/1970 · Last seen 16/11/5138 · Published 08/03/2023 20:14 · Modified 27/03/2026 01:05
- QakBot - S0650 (uses; Family) · Published 01/04/2025 14:48 · Modified 01/04/2025 14:48
- Black Basta - S1070 (uses; Family) · Published 05/02/2026 20:21 · Modified 05/02/2026 20:21
Indicators (12)
Tool (4)
- Quick Assist (uses) · The MITRE Corporation · Confidence 100
  [Quick Assist](https://attack.mitre.org/software/S1209) is a remote assistance tool primarily for Microsoft Windows, although a macOS version also exists. [Quick Assist](https://attack.mitre.org/software/S1209) allows for remote screen sharing and, with end user …
  Published 14/03/2025 20:13 · Modified 27/03/2026 01:07
- BITSAdmin (uses) · The MITRE Corporation · Confidence 100
  [BITSAdmin](https://attack.mitre.org/software/S0190) is a command line tool used to create and manage [BITS Jobs](https://attack.mitre.org/techniques/T1197). (Citation: Microsoft BITSAdmin)
  Published 18/04/2018 19:59 · Modified 27/03/2026 01:07
- Impacket (uses) · The MITRE Corporation · Confidence 100
  [Impacket](https://attack.mitre.org/software/S0357) is an open source collection of modules written in Python for programmatically constructing and manipulating network protocols. [Impacket](https://attack.mitre.org/software/S0357) contains several tools for remote service execution, Kerberos manipulation, …
  Published 31/01/2019 02:39 · Modified 27/03/2026 01:07
- PsExec (uses) · The MITRE Corporation · Confidence 100
  [PsExec](https://attack.mitre.org/software/S0029) is a free Microsoft tool that can be used to execute a program on another computer. It is used by IT administrators and attackers. (Citation: Russinovich Sysinternals)(Citation: SANS …
  Published 31/05/2017 23:32 · Modified 27/03/2026 01:07