ToddyCat
Aliases: None listed
ToddyCat is a sophisticated threat group that has been active since at least 2020, using custom loaders and malware in multi-stage infection chains against government and military targets across Europe and Asia.
ATT&CK techniques
T1005 Data from Local System
T1069.002 Domain Groups
T1053.005 Scheduled Task
T1566.003 Spearphishing via Service
T1087.002 Domain Account
T1095 Non-Application Layer Protocol
T1078.002 Domain Accounts
T1106 Native API
T1057 Process Discovery
T1018 Remote System Discovery
T1562.004 Disable or Modify System Firewall
T1049 System Network Connections Discovery
T1021.002 SMB/Windows Admin Shares
T1059.003 Windows Command Shell
T1190 Exploit Public-Facing Application
T1567.002 Exfiltration to Cloud Storage
T1518.001 Security Software Discovery
T1059.001 PowerShell
T1564.003 Hidden Window
T1083 File and Directory Discovery
T1074.002 Remote Data Staging
T1047 Windows Management Instrumentation
T1036.005 Match Legitimate Name or Location
T1082 System Information Discovery
T1560.001 Archive via Utility
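A detection engineer's first use of a technique list like the one above is to turn it into an ATT&CK Navigator layer and diff it against the organisation's own detection inventory. The script below is an added example and is not code from the page or from any ToddyCat reporting: the technique list is the one given above, while the Navigator and ATT&CK version strings, the EXAMPLE_COVERAGE set, and the rule that a parent-level detection (e.g. T1059) counts as covering its sub-techniques are all assumptions chosen for illustration. It also deduplicates by ID, since a pasted-twice list (as on this page) must not inflate the layer, and deliberately keeps T1087.002 and T1078.002 apart even though their names are nearly identical.

```python
"""Build an ATT&CK Navigator layer for the ToddyCat technique list and
report which techniques lack detection coverage.

Added example (not the page's own code). The Navigator/ATT&CK version
numbers, EXAMPLE_COVERAGE and the parent-covers-sub-technique rule are
assumptions made for illustration."""
import json
import re

# Technique list as given on the page: (ATT&CK ID, technique name).
TODDYCAT_TECHNIQUES = [
    ("T1005", "Data from Local System"),
    ("T1069.002", "Domain Groups"),
    ("T1053.005", "Scheduled Task"),
    ("T1566.003", "Spearphishing via Service"),
    ("T1087.002", "Domain Account"),
    ("T1095", "Non-Application Layer Protocol"),
    ("T1078.002", "Domain Accounts"),
    ("T1106", "Native API"),
    ("T1057", "Process Discovery"),
    ("T1018", "Remote System Discovery"),
    ("T1562.004", "Disable or Modify System Firewall"),
    ("T1049", "System Network Connections Discovery"),
    ("T1021.002", "SMB/Windows Admin Shares"),
    ("T1059.003", "Windows Command Shell"),
    ("T1190", "Exploit Public-Facing Application"),
    ("T1567.002", "Exfiltration to Cloud Storage"),
    ("T1518.001", "Security Software Discovery"),
    ("T1059.001", "PowerShell"),
    ("T1564.003", "Hidden Window"),
    ("T1083", "File and Directory Discovery"),
    ("T1074.002", "Remote Data Staging"),
    ("T1047", "Windows Management Instrumentation"),
    ("T1036.005", "Match Legitimate Name or Location"),
    ("T1082", "System Information Discovery"),
    ("T1560.001", "Archive via Utility"),
]

# ATT&CK IDs: T + four digits, optionally .three digits for a sub-technique.
_ID_RE = re.compile(r"^T\d{4}(?:\.\d{3})?$")


def normalise(techniques):
    """Validate IDs and drop duplicates by ID, keeping the first name seen.
    Returns (id, name) pairs sorted by ID. A malformed ID raises rather
    than being dropped, so a typo never silently vanishes from the layer."""
    seen = {}
    for tid, name in techniques:
        if not _ID_RE.match(tid):
            raise ValueError(f"malformed ATT&CK ID: {tid!r}")
        seen.setdefault(tid, name)
    return sorted(seen.items())


def to_navigator_layer(techniques, name="ToddyCat", score=1):
    """Return an ATT&CK Navigator layer as a dict (json.dumps it to load
    into Navigator). The version strings are assumptions; set them to
    match the Navigator build you actually use."""
    entries = [
        {"techniqueID": tid, "score": score, "comment": tname, "enabled": True}
        for tid, tname in normalise(techniques)
    ]
    return {
        "name": name,
        "versions": {"attack": "14", "navigator": "4.9.1", "layer": "4.5"},
        "domain": "enterprise-attack",
        "description": f"Techniques attributed to {name}",
        "techniques": entries,
    }


def coverage_gaps(techniques, covered_ids):
    """Return the technique IDs with no detection coverage, in ID order.
    Design choice (assumption): a sub-technique counts as covered when
    either its own ID or its parent technique ID is in covered_ids."""
    covered = set(covered_ids)
    gaps = []
    for tid, _ in normalise(techniques):
        parent = tid.split(".")[0]
        if tid not in covered and parent not in covered:
            gaps.append(tid)
    return gaps


# Constructed coverage set standing in for a real detection inventory.
EXAMPLE_COVERAGE = {"T1059", "T1053.005", "T1047", "T1190", "T1021.002"}

if __name__ == "__main__":
    print(json.dumps(to_navigator_layer(TODDYCAT_TECHNIQUES), indent=2))
    print("uncovered:", coverage_gaps(TODDYCAT_TECHNIQUES, EXAMPLE_COVERAGE))
```

Feeding the printed JSON into Navigator highlights the 25 techniques; the gap list is what goes into the detection backlog. Treat the parent-covers-sub-technique rule with care: a T1059 rule that only fires on cmd.exe does not actually cover T1059.001 (PowerShell), so in practice the coverage set should list sub-technique IDs explicitly.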