Clankerusecase
Threat-actor profile
 ← Back to main site
Home/ Threat Actors/ PROMETHIUM

🌐PROMETHIUM

🌐 PROMETHIUM is a tracked threat actor in the Clankerusecase corpus. ??-aligned. Primary motivation: Unknown. We map 14 detection use cases to this actor across 11 MITRE ATT&CK techniques, with 0 threat-intel articles citing them.

View full actor card → All threat actors MITRE ATT&CK group spec (G0056) ↗
14Use cases
0Articles
11Techniques
0IOCs

About this actor (MITRE)

[PROMETHIUM](https://attack.mitre.org/groups/G0056) is an activity group focused on espionage that has been active since at least 2012. The group has conducted operations globally with a heavy emphasis on Turkish targets. [PROMETHIUM](https://attack.mitre.org/groups/G0056) has demonstrated similarity to another activity group called [NEODYMIUM](https://attack.mitre.org/groups/G0055) due to overlapping victim and campaign characteristics.(Citation: Microsoft NEODYMIUM Dec 2016)(Citation: Microsoft SIR Vol 21)(Citation: Talos Promethium June 2020)

Known aliases

PROMETHIUMStrongPity

Top techniques

T1036.004 · Masquerade Task or ServiceT1036.005 · Match Legitimate Resource Name or LocationT1078.003 · Local Accounts

All other tracked techniques

T1189 · Drive-by CompromiseT1204.002 · Malicious FileT1205.001 · Port KnockingT1543.003 · Windows ServiceT1547.001 · Registry Run Keys / Startup FolderT1553.002 · Code SigningT1587.002 · Code Signing CertificatesT1587.003 · Digital Certificates

Detection use cases (14)

PROMETHIUM/StrongPity trojanized-installer → masqueraded service drop chain AI · profile S PROMETHIUM service masquerading legitimate Windows binary names from non-System32 path AI · profile SΣ Brand-Impersonation Domain Fetch Followed by User-Context Loader Within 10 Minutes MITRE match Developer package install spawning script-host with non-registry C2 within 5 minutes MITRE match Package Manager / Dev-Tool Auto-Execution Triggers Non-Registry Egress or Credential-Store Access MITRE match Package Manager Install Spawning Outbound Egress to Non-Registry Infrastructure Within 5 Minutes MITRE match Package manager lifecycle hook spawns network-fetching shell or runtime MITRE match Email attachment opened from external sender MITRE match Service install for persistence — sc.exe / new service registry write MITRE match Attacker Tools On Endpoint MITRE match Cisco ASA - New Local User Account Created MITRE match Cisco ASA - User Privilege Level Change MITRE match Cisco Secure Firewall - Blacklisted SSL Certificate Fingerprint MITRE match CMD Echo Pipe - Escalation MITRE match