NEODYMIUM is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called PROMETHIUM due to overlapping victim and campaign characteristics. [1] [2] NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. [3]

ID: G0055
Version: 1.0


S0176Wingbird[1][2]DLL Side-Loading, Exploitation for Privilege Escalation, File Deletion, LSASS Driver, New Service, Process Injection, Security Software Discovery, Service Execution, System Information Discovery