Storm-0501

MISP
Tipo:
Unknown
Paese:
Unknown
Prima attivita:
Unknown
Dettagli:

[Storm-0501](https://attack.mitre.org/groups/G1053) is a financially motivated cyber criminal group that uses commodity and open-source tools to conduct ransomware operations. [Storm-0501](https://attack.mitre.org/groups/G1053) has been active since 2021 and has previously been affiliated with Sabbath Ransomware and other Ransomware-as-a-Service (RaaS) variants such as Hive, [BlackCat](https://attack.mitre.org/software/S1068), Hunters International, [LockBit 3.0](https://attack.mitre.org/software/S1202), and [Embargo](https://attack.mitre.org/software/S1247) ransomware.(Citation: Avertium Storm-0501 Sabbath Ransomware Arcane January 2022)(Citation: Microsoft Storm-501 Sabbath Ransomware Embargo September 2024)(Citation: Microsoft Storm-0501 Embargo Ransomware August 2025)(Citation: Google Mandiant Storm-0501 Sabbath Ransomware November 2021)

MITRE ATT&CK: View on MITRE
Tecniche Utilizzate (42)
ID ATT&CK Tattiche
T1003 OS Credential Dumping -
T1003.006 DCSync -
T1021.006 Windows Remote Management -
T1021.007 Cloud Services -
T1027.002 Software Packing -
T1036.004 Masquerade Task or Service -
T1053.005 Scheduled Task -
T1057 Process Discovery -
T1059.001 PowerShell -
T1059.009 Cloud API -
T1078.004 Cloud Accounts -
T1082 System Information Discovery -
T1087.002 Domain Account -
T1087.004 Cloud Account -
T1098.001 Additional Cloud Credentials -
Riferimenti (1)
Malware Utilizzato (8)
AADInternals
tool
Cobalt Strike
other
Embargo
other
Impacket
tool
Net
tool
Nltest
tool
Rclone
tool
Tasklist
tool
Metadata
ID: 744
Created: 13/01/2026 17:48
Updated: 21/04/2026 16:00