Stealth Falcon
Aliases: None listed
Stealth Falcon is a threat group that has conducted targeted spyware attacks against Emirati journalists, activists, and dissidents since at least 2012. Circumstantial evidence suggests there could be a link between this group and the United Arab Emirates (UAE) government, but that has not been confirmed.
ATT&CK techniques
T1555.004 Windows Credential Manager
T1059 Command and Scripting Interpreter
T1555.003 Credentials from Web Browsers
T1555 Credentials from Password Stores
T1057 Process Discovery
T1016 System Network Configuration Discovery
T1573.001 Symmetric Cryptography
T1012 Query Registry
T1071.001 Web Protocols
T1033 System Owner/User Discovery
T1047 Windows Management Instrumentation
T1005 Data from Local System
T1041 Exfiltration Over C2 Channel
T1059.001 PowerShell
T1053.005 Scheduled Task
T1082 System Information Discovery