CURIUM is an Iranian threat group first reported in November 2021 that has invested in building a relationship with potential targets via social media over a period of months to establish trust and confidence before sending malware. Security researchers note CURIUM has demonstrated great patience and persistence by chatting with potential targets daily and sending benign files to help lower their security consciousness.

| Domain | ID | Sub-technique | Name |
|---|---|---|---|
| Enterprise | T1005 | | Data from Local System |
| Enterprise | T1585 | .001 | Establish Accounts: Social Media Accounts |
| Enterprise | T1566 | .003 | Phishing: Spearphishing via Service |
| Enterprise | T1204 | .002 | User Execution: Malicious File |