
Operation Spalax

[Operation Spalax](https://attack.mitre.org/campaigns/C0005) was a campaign that primarily targeted Colombian government organizations and private companies, particularly those in the energy and metallurgical industries. The [Operation Spalax](https://attack.mitre.org/campaigns/C0005) threat actors distributed commodity malware and tools using generic phishing lures related to COVID-19, banking, and law enforcement action. Security researchers noted indicators of compromise and some infrastructure overlaps with other campaigns dating back to April 2018, including at least one separately attributed to [APT-C-36](https://attack.mitre.org/groups/G0099), but identified enough differences to report this as separate, unattributed activity.(Citation: ESET Operation Spalax Jan 2021)

Start date: 1 November 2019
End date: 1 January 2021
Techniques: 17

Techniques (17 unique; T1497 is listed under two tactics)

command-and-control (2)
  T1102 Web Service
  T1568 Dynamic Resolution

discovery (1)
  T1497 Virtualization/Sandbox Evasion

execution (3)
  T1204.002 Malicious File
  T1204.001 Malicious Link
  T1059 Command and Scripting Interpreter

initial-access (2)
  T1566.002 Spearphishing Link
  T1566.001 Spearphishing Attachment

resource-development (4)
  T1588.002 Tool
  T1608.001 Upload Malware
  T1583.001 Domains
  T1588.001 Malware

stealth (6)
  T1027.003 Steganography
  T1140 Deobfuscate/Decode Files or Information
  T1027.002 Software Packing
  T1497 Virtualization/Sandbox Evasion
  T1218.011 Rundll32
  T1027.013 Encrypted/Encoded File

Indicators of compromise

No IOCs linked to this campaign yet.

Operation Spalax — Campaign | Fancy Intel