ToddyCat
MISP
Type:
Unknown
Country:
Unknown
First seen:
Unknown
Details:
[ToddyCat](https://attack.mitre.org/groups/G1022) is a sophisticated threat group that has been active since at least 2020 using custom loaders and malware in multi-stage infection chains against government and military targets across Europe and Asia.(Citation: Kaspersky ToddyCat June 2022)(Citation: Kaspersky ToddyCat Check Logs October 2023)
Techniques Used (25)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1005 | Data from Local System | - |
| T1018 | Remote System Discovery | - |
| T1021.002 | SMB/Windows Admin Shares | - |
| T1036.005 | Match Legitimate Resource Name or Location | - |
| T1047 | Windows Management Instrumentation | - |
| T1049 | System Network Connections Discovery | - |
| T1053.005 | Scheduled Task | - |
| T1057 | Process Discovery | - |
| T1059.001 | PowerShell | - |
| T1059.003 | Windows Command Shell | - |
| T1069.002 | Domain Groups | - |
| T1074.002 | Remote Data Staging | - |
| T1078.002 | Domain Accounts | - |
| T1083 | File and Directory Discovery | - |
| T1087.002 | Domain Account | - |
References (6)
- bleepingcomputer.com - New Toddycat Apt Group Targets Exchange Servers In Asia Europe
- securelist.com - 106799
- welivesecurity.com - Exchange Servers Under Siege 10 Apt Groups
- gteltsc.vn - Cap Nhat Nhe Ve Lo Hong Bao Mat 0day Microsoft Exchange Dang Duoc Su Dung De Tan Cong Cac To Chuc Tai Viet Nam 9685
- community.riskiq.com - D8b749f2
- teamt5.org - Assassinations Of Minininja In Various Apac Countries
Aliases (196)
Websiic
Related Malware (9)
Metadata
| ID: | 367 |
| Created: | 13/01/2026 17:48 |
| Updated: | 21/04/2026 16:00 |