Apostle
The MITRE Corporation
· Published 22/05/2024 21:16 · Modified 27/03/2026 01:03
Family
Essential information
- Confidence
- 100/100
- Is family
- Yes
- Published
- 22/05/2024 21:16
- Modified
- 27/03/2026 01:03
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Related entities
- 33 attack patterns (mitre), 1 intrusion sets (apt), 3 sectors, 54 indicators
Description
[Apostle](https://attack.mitre.org/software/S1133) is malware that has functioned as both a wiper and, in more recent versions, as ransomware. [Apostle](https://attack.mitre.org/software/S1133) is written in .NET and shares various programming and functional overlaps with [IPsec Helper](https://attack.mitre.org/software/S1132).(Citation: SentinelOne Agrius 2021)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (33)
-
-
T1046 usesNetwork Service Discovery MITRE
-
T1553 usesSubvert Trust Controls MITRE
-
T1140 usesDeobfuscate/Decode Files or Information MITRE
-
T1070.004 usesFile Deletion MITRE
-
T1480 usesExecution Guardrails MITRE
-
T1053 usesScheduled Task/Job MITRE
-
T1021 usesRemote Services MITRE
-
T1485 usesData Destruction MITRE
-
T1561.002 usesDisk Structure Wipe MITRE
-
T1036 usesMasquerading MITRE
-
T1561 usesDisk Wipe MITRE
Intrusion sets (APT) (1)
-
The MITRE Corporation Confidence 100
[Agrius](https://attack.mitre.org/groups/G1030) is an Iranian threat actor active since 2020 notable for a series of ransomware and wiper operations in the Middle East, with an emphasis on Israeli targets.(Citation:…
First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (3)
-
Technology targets
-
Education targets
-
Universities targets
Indicators (54)
-
stix 100/100 Revoked· Valid until 28/11/2023 · Source: AlienVault
-
stix 100/100 Revoked
TEL:Hacktool:Win32/Kingron.A
· Valid until 08/02/2025 · Source: AlienVault -
stix 100/100 Revoked
Trojan:Win32/Cadlotcorg.A!dha
· Valid until 28/11/2023 · Source: AlienVault -
stix 100/100 Revoked
Win.Trojan.Wiper-1
· Valid until 28/11/2023 · Source: AlienVault -
stix 100/100 Revoked· Valid until 08/02/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 08/02/2025 · Source: AlienVault
-
stix 100/100 Revoked
SLFPER:Ransom:Win32/Henasome.A!rsm
· Valid until 28/11/2023 · Source: AlienVault -
stix 100/100 Revoked
research_pe_signed_outside_timestamp
· Valid until 08/02/2025 · Source: AlienVault -
stix 100/100 Revoked
SLFPER:Ransom:Win32/Henasome.A!rsm
· Valid until 28/11/2023 · Source: AlienVault -
stix 100/100 Revoked· Valid until 08/02/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 08/02/2025 · Source: AlienVault
-
stix 100/100 Revoked
Win.Trojan.DistTrack
· Valid until 28/11/2023 · Source: AlienVault