RedCurl

Directly Linked Intrusion Sets: Red Wolf, Earth Kapre

RedCurl is an intrusion set originally identified by Group-IB that has been active since at least 2018. Group-IB researchers have identified the group's goal as corporate cyber espionage and document theft.

RedCurl Threat Reports

Report

REDCURL - The pentest you didn't know about

This report by researchers at Group-IB outlines activity by a group they call RedCurl. The report identifies victimology and motivation (corporate ...

References

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use by this intrusion set.

ATT&CK ID | Title | Associated Tactics
T1059.001 | PowerShell | Execution
T1003.001 | LSASS Memory | Credential Access
T1087.003 | Email Account | Discovery
T1005 | Data from Local System | Collection
T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation
T1218.011 | Rundll32 | Defense Evasion
T1114.001 | Local Email Collection | Collection
T1059.003 | Windows Command Shell | Execution
T1070.004 | File Deletion | Defense Evasion
T1566.002 | Spearphishing Link | Initial Access
T1555.003 | Credentials from Web Browsers | Credential Access
T1537 | Transfer Data to Cloud Account | Exfiltration
T1071.001 | Web Protocols | Command and Control
T1036.005 | Match Legitimate Name or Location | Defense Evasion
T1082 | System Information Discovery | Discovery
T1564.001 | Hidden Files and Directories | Defense Evasion
T1020 | Automated Exfiltration | Exfiltration
T1056.002 | GUI Input Capture | Collection, Credential Access
T1119 | Automated Collection | Collection
T1087.001 | Local Account | Discovery
T1547.001 | Registry Run Keys / Startup Folder | Persistence, Privilege Escalation
T1039 | Data from Network Shared Drive | Collection
T1102 | Web Service | Command and Control
T1087.002 | Domain Account | Discovery
T1080 | Taint Shared Content | Lateral Movement
T1552.002 | Credentials in Registry | Credential Access
T1204.002 | Malicious File | Execution
T1083 | File and Directory Discovery | Discovery
T1552.001 | Credentials In Files | Credential Access
T1027 | Obfuscated Files or Information | Defense Evasion
T1059.005 | Visual Basic | Execution