• Matrices
  • Tactics
    Enterprise Mobile ICS
  • Techniques
    Enterprise Mobile ICS
  • Data Sources
  • Mitigations
    Enterprise Mobile ICS
  • Groups
  • Software
  • Campaigns
  • Resources
    General Information Getting Started Training ATT&CKcon Working with ATT&CK FAQ Updates Versions of ATT&CK Related Projects
  • Blog  External site
  • Contribute
ATT&CK v12 is now live! Check out the updates here
GROUPS
Overview
admin@338
Ajax Security Team
ALLANITE
Andariel
Aoqin Dragon
APT-C-36
APT1
APT12
APT16
APT17
APT18
APT19
APT28
APT29
APT3
APT30
APT32
APT33
APT37
APT38
APT39
APT41
Aquatic Panda
Axiom
BackdoorDiplomacy
BITTER
BlackOasis
BlackTech
Blue Mockingbird
Bouncing Golf
BRONZE BUTLER
Carbanak
Chimera
Cleaver
Cobalt Group
Confucius
CopyKittens
Dark Caracal
Darkhotel
DarkHydrus
DarkVishnya
Deep Panda
Dragonfly
DragonOK
Earth Lusca
Elderwood
Ember Bear
Equation
Evilnum
EXOTIC LILY
Ferocious Kitten
FIN10
FIN4
FIN5
FIN6
FIN7
FIN8
Fox Kitten
GALLIUM
Gallmaker
Gamaredon Group
GCMAN
GOLD SOUTHFIELD
Gorgon Group
Group5
HAFNIUM
HEXANE
Higaisa
Inception
IndigoZebra
Indrik Spider
Ke3chang
Kimsuky
LAPSUS$
Lazarus Group
LazyScripter
Leafminer
Leviathan
Lotus Blossom
Machete
Magic Hound
menuPass
Moafee
Mofang
Molerats
Moses Staff
MuddyWater
Mustang Panda
Naikon
NEODYMIUM
Nomadic Octopus
OilRig
Orangeworm
Patchwork
PittyTiger
PLATINUM
POLONIUM
Poseidon Group
PROMETHIUM
Putter Panda
Rancor
Rocke
RTM
Sandworm Team
Scarlet Mimic
SideCopy
Sidewinder
Silence
Silent Librarian
SilverTerrier
Sowbug
Stealth Falcon
Strider
Suckfly
TA459
TA505
TA551
TeamTNT
TEMP.Veles
The White Company
Threat Group-1314
Threat Group-3390
Thrip
Tonto Team
Transparent Tribe
Tropic Trooper
Turla
Volatile Cedar
Whitefly
Windigo
Windshift
Winnti Group
WIRTE
Wizard Spider
ZIRCONIUM
GROUPS
Overview
A-B
admin@338
Ajax Security Team
ALLANITE
Andariel
Aoqin Dragon
APT-C-36
APT1
APT12
APT16
APT17
APT18
APT19
APT28
APT29
APT3
APT30
APT32
APT33
APT37
APT38
APT39
APT41
Aquatic Panda
Axiom
BackdoorDiplomacy
BITTER
BlackOasis
BlackTech
Blue Mockingbird
Bouncing Golf
BRONZE BUTLER
C-D
Carbanak
Chimera
Cleaver
Cobalt Group
Confucius
CopyKittens
Dark Caracal
Darkhotel
DarkHydrus
DarkVishnya
Deep Panda
Dragonfly
DragonOK
E-F
Earth Lusca
Elderwood
Ember Bear
Equation
Evilnum
EXOTIC LILY
Ferocious Kitten
FIN10
FIN4
FIN5
FIN6
FIN7
FIN8
Fox Kitten
G-H
GALLIUM
Gallmaker
Gamaredon Group
GCMAN
GOLD SOUTHFIELD
Gorgon Group
Group5
HAFNIUM
HEXANE
Higaisa
I-J
Inception
IndigoZebra
Indrik Spider
K-L
Ke3chang
Kimsuky
LAPSUS$
Lazarus Group
LazyScripter
Leafminer
Leviathan
Lotus Blossom
M-N
Machete
Magic Hound
menuPass
Moafee
Mofang
Molerats
Moses Staff
MuddyWater
Mustang Panda
Naikon
NEODYMIUM
Nomadic Octopus
O-P
OilRig
Orangeworm
Patchwork
PittyTiger
PLATINUM
POLONIUM
Poseidon Group
PROMETHIUM
Putter Panda
Q-R
Rancor
Rocke
RTM
S-T
Sandworm Team
Scarlet Mimic
SideCopy
Sidewinder
Silence
Silent Librarian
SilverTerrier
Sowbug
Stealth Falcon
Strider
Suckfly
TA459
TA505
TA551
TeamTNT
TEMP.Veles
The White Company
Threat Group-1314
Threat Group-3390
Thrip
Tonto Team
Transparent Tribe
Tropic Trooper
Turla
U-V
Volatile Cedar
W-X
Whitefly
Windigo
Windshift
Winnti Group
WIRTE
Wizard Spider
Y-Z
ZIRCONIUM
  1. Home
  2. Groups
  3. NEODYMIUM

NEODYMIUM

NEODYMIUM is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called PROMETHIUM due to overlapping victim and campaign characteristics. [1] [2] NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. [3]

ID: G0055
Version: 1.0
Created: 16 January 2018
Last Modified: 25 March 2019
Version Permalink
Live Version

Software

ID Name References Techniques
S0176 Wingbird [1][2] Boot or Logon Autostart Execution: LSASS Driver, Create or Modify System Process: Windows Service, Exploitation for Privilege Escalation, Hijack Execution Flow: DLL Side-Loading, Indicator Removal: File Deletion, Process Injection, Software Discovery: Security Software Discovery, System Information Discovery, System Services: Service Execution

References

  1. Microsoft. (2016, December 14). Twin zero-day attacks: PROMETHIUM and NEODYMIUM target individuals in Europe. Retrieved November 27, 2017.
  2. Anthe, C. et al. (2016, December 14). Microsoft Security Intelligence Report Volume 21. Retrieved November 27, 2017.
  1. Bing, C. (2017, October 16). Middle Eastern hacking group is using FinFisher malware to conduct international espionage. Retrieved February 15, 2018.
×

© 2015-2022, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

Privacy Policy
Terms of Use
ATT&CK v12.1
@MITREattack
Contact