Storm-1811
MITRE
Type: Unknown
Country: Unknown
First activity: Unknown
Details:
[Storm-1811](https://attack.mitre.org/groups/G1046) is a financially-motivated entity linked to [Black Basta](https://attack.mitre.org/software/S1070) ransomware deployment. [Storm-1811](https://attack.mitre.org/groups/G1046) is notable for unique phishing and social engineering mechanisms for initial access, such as overloading victim email inboxes with non-malicious spam to prompt a fake "help desk" interaction leading to the deployment of adversary tools and capabilities.(Citation: Microsoft Storm-1811 2024)(Citation: rapid7-email-bombing)(Citation: RedCanary Storm-1811 2024)(Citation: RedCanary June Insights 2024)
Techniques Used (31)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1021.002 | SMB/Windows Admin Shares | - |
| T1021.004 | SSH | - |
| T1027.013 | Encrypted/Encoded File | - |
| T1033 | System Owner/User Discovery | - |
| T1036 | Masquerading | - |
| T1036.005 | Match Legitimate Resource Name or Location | - |
| T1036.010 | Masquerade Account Name | - |
| T1048.002 | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | - |
| T1056 | Input Capture | - |
| T1059.001 | PowerShell | - |
| T1059.003 | Windows Command Shell | - |
| T1074.001 | Local Data Staging | - |
| T1087.002 | Domain Account | - |
| T1105 | Ingress Tool Transfer | - |
| T1140 | Deobfuscate/Decode Files or Information | - |
Malware Used (7)
Metadata
| ID: | 893 |
| Created: | 13/01/2026 17:48 |
| Updated: | 21/04/2026 16:00 |