Home/ Threat Actors/ Equation

🇺🇸Equation

🇺🇸 Equation is a tracked threat actor in the Clankerusecase corpus. US-aligned. Primary motivation: Unknown. We map 1 detection use case to this actor across 4 MITRE ATT&CK techniques, with 0 threat-intel articles citing them.

View full actor card → All threat actors MITRE ATT&CK group spec (G0020) ↗

1Use cases

0Articles

4Techniques

0IOCs

About this actor (MITRE)

[Equation](https://attack.mitre.org/groups/G0020) is a sophisticated threat group that employs multiple remote access tools. The group is known to use zero-day exploits and has developed the capability to overwrite the firmware of hard disk drives. (Citation: Kaspersky Equation QA)

Known aliases

Equation

Top techniques

T1120 · Peripheral Device Discovery T1480.001 · Environmental Keying T1542.002 · Component Firmware

All other tracked techniques

T1564.005 · Hidden File System

Detection use cases (1)

Equation Group (EQGRP / Tilded Team) GrayFish/EquationDrug disk-class lower-filter driver persistence AI · profile SΣ