About this actor
[RedCurl](https://attack.mitre.org/groups/G1039) is a threat actor active since 2018 notable for corporate espionage targeting a variety of locations, including Ukraine, Canada and the United Kingdom, and a variety of industries, including but not limited to travel agencies, insurance companies, and banks.(Citation: group-ib_redcurl1) [RedCurl](https://attack.mitre.org/groups/G1039) is allegedly a Russian-speaking threat actor.(Citation: group-ib_redcurl1)(Citation: group-ib_redcurl2) The group’s operations typically start with spearphishing emails to gain initial access, then the group executes discovery and collection commands and scripts to find corporate data. The group concludes operations by exfiltrating files to the C2 servers.
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | |||||
T1003T1003.001T1005T1020T1027T1036T1036.005T1039T1046T1053T1053.005T1056T1056.002T1059T1059.001T1059.003T1059.005T1059.006T1070T1070.004T1071T1071.001T1080T1082T1083T1087T1087.001T1087.002T1087.003T1102T1114T1114.001T1119T1199T1202T1204T1204.001T1204.002T1218T1218.011T1537T1547T1547.001T1552T1552.001T1552.002T1555T1555.003T1560T1560.001T1564T1564.001T1566T1566.001T1566.002T1573T1573.001T1573.002T1587T1587.001
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
SI-4 | 44 / 60 | 73% |
CM-6 | 37 / 60 | 62% |
CM-2 | 35 / 60 | 58% |
SI-3 | 30 / 60 | 50% |
CA-7 | 29 / 60 | 48% |
CM-7 | 27 / 60 | 45% |
AC-3 | 22 / 60 | 37% |
AC-4 | 22 / 60 | 37% |
SC-7 | 22 / 60 | 37% |
AC-6 | 20 / 60 | 33% |
SI-7 | 20 / 60 | 33% |
AC-2 | 19 / 60 | 32% |
SI-10 | 14 / 60 | 23% |
RA-5 | 13 / 60 | 22% |
SI-2 | 13 / 60 | 22% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- BRONZE BUTLER 0.39
- APT3 0.33
- APT33 0.32
- MuddyWater 0.32
- FIN6 0.31