Ghostwriter

MITRE G1026Also known as UNC1151, Storm-0257, UAC-0057, FrostyNeighbor, PUSHCHA, TA445, Umbral Bison, White Lynx
Reports
5
First seen
May 14
Last seen
Jun 18
Motivation
espionage, espionage, influence operations, disinfo

Targeting

Sectors
government ×3other ×1
Victim regions
Ukraine ×3Poland ×1

Top ATT&CK techniques

T1566 Phishing ×5T1105 Ingress Tool Transfer ×3T1566.001 Phishing: Spearphishing Attachment ×3T1005 Data from Local System ×3T1059.007 JavaScript ×3T1082 System Information Discovery ×3T1566.002 Phishing: Spearphishing Link ×2T1204.001 User Execution: Malicious Link ×2T1204 User Execution ×2T1041 Exfiltration Over C2 Channel ×2T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools ×1T1112 Modify Registry ×1

Indicators

cve ×5filename ×2domain ×1

Indicator values are available on Pro and via the API.

Associated CVEs

Recent reports

This page shows data on a 7-day delay. Free accounts get the full delayed feed; real-time reports, indicators, and the API start at $29/mo.