TEMP.Veles
Aliases: XENOTIME
TEMP.Veles is a Russia-based threat group that has targeted critical infrastructure. The group has been observed utilizing TRITON, a malware framework designed to manipulate industrial safety systems.
ATT&CK techniques
T1546.012  Image File Execution Options Injection
T1074.001  Local Data Staging
T1133      External Remote Services
T1027.005  Indicator Removal from Tools
T1505.003  Web Shell
T1021.001  Remote Desktop Protocol
T1571      Non-Standard Port
T1021.004  SSH
T1059.001  PowerShell
T1053.005  Scheduled Task
T1036.005  Match Legitimate Name or Location
T1583.003  Virtual Private Server
T1070.006  Timestomp
T1078      Valid Accounts
T1070.004  File Deletion
T1588.002  Tool
T1003.001  LSASS Memory
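The first technique in the list, T1546.012 (Image File Execution Options Injection), is one a defender can audit directly on a Windows host, because it lives entirely in two well-known registry locations. The script below is an added example written for this page; it is not code from the original page or from any report on TEMP.Veles. The function name, the optional allowlist parameter and the output fields are my own choices. It enumerates IFEO subkeys for a Debugger value (the named program is started in place of the image) and SilentProcessExit subkeys for a MonitorProcess value (the named program is started when the image exits, provided the image's IFEO GlobalFlag has bit 0x200 set and ReportingMode has bit 0x1 set). Run it from an elevated PowerShell prompt.

```powershell
# Added example, not from the original page: audit the registry locations
# that ATT&CK T1546.012 abuses for persistence. Names below are assumptions.

function Get-IfeoPersistence {
    [CmdletBinding()]
    param(
        # Image names whose Debugger value is expected in this environment
        # (assumption: fill in for known tooling, e.g. a sanctioned debugger).
        [string[]]$AllowedDebuggerImages = @()
    )

    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    $spe  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SilentProcessExit'
    $results = @()

    # 1. Debugger value: Windows launches this program instead of the image,
    #    passing the original command line to it.
    foreach ($key in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
        $image = $key.PSChildName
        $dbg = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg -and ($AllowedDebuggerImages -notcontains $image)) {
            $results += [pscustomobject]@{
                Image     = $image
                Mechanism = 'Debugger'
                Value     = $dbg
                Armed     = $true      # a Debugger value is always honoured
                Key       = $key.PSPath
            }
        }
    }

    # 2. SilentProcessExit: MonitorProcess runs when the image exits, but only
    #    if IFEO\<image>\GlobalFlag has 0x200 (FLG_MONITOR_SILENT_PROCESS_EXIT)
    #    and SilentProcessExit\<image>\ReportingMode has 0x1 (launch monitor).
    foreach ($key in Get-ChildItem -Path $spe -ErrorAction SilentlyContinue) {
        $image = $key.PSChildName
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if ($props.MonitorProcess) {
            $flag = (Get-ItemProperty -Path (Join-Path $ifeo $image) -Name GlobalFlag -ErrorAction SilentlyContinue).GlobalFlag
            $armed = ([int]$flag -band 0x200) -and ([int]$props.ReportingMode -band 0x1)
            $results += [pscustomobject]@{
                Image     = $image
                Mechanism = 'SilentProcessExit'
                Value     = $props.MonitorProcess
                Armed     = [bool]$armed
                Key       = $key.PSPath
            }
        }
    }

    return $results
}

# Any row is worth triage; an Armed row on a host that should have no
# debugger configured is a strong persistence signal.
Get-IfeoPersistence | Format-Table -AutoSize
```

A hit is not proof of compromise by itself: some developer tooling and a few Microsoft components legitimately register a Debugger or MonitorProcess value, which is why the allowlist parameter exists. Treat entries that point at a user-writable path, a LOLBin, or a recently created binary as the ones to escalate, and pair this snapshot check with registry-modification auditing (Sysmon event ID 13 on these key paths) so the write is caught at the time it happens rather than on the next sweep.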