Leafminer
Aliases: Raspite
Leafminer is an Iranian threat group that has targeted government organizations and business entities in the Middle East since at least early 2017.
ATT&CK techniques
T1027.010 Command Obfuscation
T1588.002 Tool
T1003.001 LSASS Memory
T1555 Credentials from Password Stores
T1046 Network Service Discovery
T1003.005 Cached Domain Credentials
T1555.003 Credentials from Web Browsers
T1552.001 Credentials In Files
T1003.004 LSA Secrets
T1055.013 Process Doppelgänging
T1189 Drive-by Compromise
T1018 Remote System Discovery
T1110.003 Password Spraying
T1136.001 Local Account
T1059.007 JavaScript
T1114.002 Remote Email Collection
T1083 File and Directory Discovery