Dark Caracal
MISP
Type: Unknown
Country: LB
First seen: Unknown
Details:
Lookout and Electronic Frontier Foundation (EFF) have discovered Dark Caracal, a persistent and prolific actor, who at the time of writing is believed to be administered out of a building belonging to the Lebanese General Security Directorate in Beirut. At present, we have knowledge of hundreds of gigabytes of exfiltrated data, in 21+ countries, across thousands of victims. Stolen data includes enterprise intellectual property and personally identifiable information.
MITRE ATT&CK:
Techniques Used (12)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1005 | Data from Local System | - |
| T1027.002 | Software Packing | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1059.003 | Windows Command Shell | - |
| T1071.001 | Web Protocols | - |
| T1083 | File and Directory Discovery | - |
| T1113 | Screen Capture | - |
| T1189 | Drive-by Compromise | - |
| T1204.002 | Malicious File | - |
| T1218.001 | Compiled HTML File | - |
| T1547.001 | Registry Run Keys / Startup Folder | - |
| T1566.003 | Spearphishing via Service | - |
Aliases (105)
G0070
Related Malware (3)
Metadata
| ID: | 158 |
| Created: | 13/01/2026 17:48 |
| Updated: | 07/03/2026 04:00 |