
NEODYMIUM

NEODYMIUM is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called PROMETHIUM due to overlapping victim and campaign characteristics. [1] [2] NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. [3]

ID: G0055
Version: 1.0
Created: 16 January 2018
Last Modified: 25 March 2019

Software

| ID | Name | References | Techniques |
|----|------|------------|------------|
| S0176 | Wingbird | [1][2] | Boot or Logon Autostart Execution: LSASS Driver; Create or Modify System Process: Windows Service; Exploitation for Privilege Escalation; Hijack Execution Flow: DLL Side-Loading; Indicator Removal on Host: File Deletion; Process Injection; Software Discovery: Security Software Discovery; System Information Discovery; System Services: Service Execution |

References

  1. Microsoft. (2016, December 14). Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe. Retrieved November 27, 2017.
  2. Anthe, C. et al. (2016, December 14). Microsoft Security Intelligence Report Volume 21. Retrieved November 27, 2017.
  3. Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.

© 2021 LAYER 8 GmbH | © 2021 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
cyber-kill-chain.ch is based on ATT&CK v10.1 | See MITRE Terms of Use here: Terms of Use | See MITRE ATT&CK Website here: attack.mitre.org (source code)
You are on a version of the MITRE ATT&CK® website that has been greatly expanded in content and functionality.
This version is published by LAYER 8 and is not affiliated with MITRE or MITRE ATT&CK®.