high_confidence
Frankenstein
[Frankenstein](https://attack.mitre.org/campaigns/C0001) was described by security researchers as a highly targeted campaign conducted by moderately sophisticated and highly resourceful threat actors in early 2019. The unidentified actors primarily relied on open-source tools, including [Empire](https://attack.mitre.org/software/S0363). The campaign name refers to the actors' ability to piece together several unrelated open-source tool components. (Citation: Talos Frankenstein June 2019)
Start date: 1 January 2019
End date: 1 April 2019
Techniques: 27
Attributed actors
Techniques (27)
collection (2)
T1119 Automated Collection
T1005 Data from Local System
command-and-control (3)
T1573.001 Symmetric Cryptography
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
discovery (6)
T1497.001 System Checks
T1057 Process Discovery
T1082 System Information Discovery
T1033 System Owner/User Discovery
T1518.001 Security Software Discovery
T1016 System Network Configuration Discovery
execution (8)
T1059.003 Windows Command Shell
T1204.002 Malicious File
T1127.001 MSBuild
T1047 Windows Management Instrumentation
T1059.001 PowerShell
T1203 Exploitation for Client Execution
T1059.005 Visual Basic
T1053.005 Scheduled Task
exfiltration (2)
T1041 Exfiltration Over C2 Channel
T1020 Automated Exfiltration
initial-access (1)
T1566.001 Spearphishing Attachment
persistence (1)
T1053.005 Scheduled Task
privilege-escalation (1)
T1053.005 Scheduled Task
resource-development (1)
T1588.002 Tool
stealth (6)
T1127.001 MSBuild
T1497.001 System Checks
T1036.004 Masquerade Task or Service
T1140 Deobfuscate/Decode Files or Information
T1027.010 Command Obfuscation
T1221 Template Injection
Indicators of compromise
No IOCs linked to this campaign yet.