Clankerusecase
Threat-actor profile

DarkVishnya

DarkVishnya is a tracked threat actor in the Clankerusecase corpus. Alignment: unknown. Primary motivation: Unknown. We map 14 detection use cases to this actor across 10 MITRE ATT&CK techniques, with 0 threat-intel articles citing them.

14 Use cases
0 Articles
10 Techniques
0 IOCs

About this actor (MITRE)

[DarkVishnya](https://attack.mitre.org/groups/G0105) is a financially motivated threat actor targeting financial institutions in Eastern Europe. In 2017-2018 the group attacked at least 8 banks in this region. (Citation: Securelist DarkVishnya Dec 2018)

Known aliases

DarkVishnya

Top techniques

All other tracked techniques

Detection use cases (14)

- DarkVishnya rogue physical device — unmanaged internal IP performing port-sweep + SMB/RDP brute force (AI · profile S)
- DarkVishnya backdoor RAT installed as Windows service beaconing on a non-standard port (AI · profile S)
- 1Password failed sign-in burst (MITRE match)
- Brand-Impersonation Domain Fetch Followed by User-Context Loader Within 10 Minutes (MITRE match)
- Cross-Platform ClickFix Paste-to-Pipe Loader (UI-Parent Shell with Decode-and-Execute Payload) (MITRE match)
- Abnormal Security: brute-force attack detected (MITRE match)
- Auth0 anomalous attack-protection event spike (MITRE match)
- Auth0 brute-force attack on user (MITRE match)
- AWS brute-force ConsoleLogin then AssumeRole (MITRE match)
- Azure AD brute-force login (MITRE match)
- Fake CAPTCHA / clipboard-injected PowerShell (ClickFix / FakeCaptcha) (MITRE match)
- Office app spawning script/LOLBin child process (MITRE match)
- Phishing-link click correlated to endpoint execution (MITRE match)
- PowerShell encoded / obfuscated command (MITRE match)