NEODYMIUM

NEODYMIUM is an activity group that conducted a campaign in May 2016 and has heavily targeted Turkish victims. The group has demonstrated similarity to another activity group called PROMETHIUM due to overlapping victim and campaign characteristics. [1] [2] NEODYMIUM is reportedly associated closely with BlackOasis operations, but evidence that the group names are aliases has not been identified. [3]

ID: G0055
Aliases: NEODYMIUM
Version: 1.0

Alias Descriptions

Name | Description
NEODYMIUM | [1] [2]

Software

ID | Name | Techniques
S0176 | Wingbird | DLL Side-Loading, Exploitation for Privilege Escalation, File Deletion, LSASS Driver, New Service, Process Injection, Security Software Discovery, Service Execution, System Information Discovery

References