Skip to content

Hide Navigation Hide TOC

NEODYMIUM (47b5007a-3fb1-466a-9578-629e6e735493)

NEODYMIUM is an activity group that is known to use a backdoor malware detected by Microsoft as Wingbird. This backdoor’s characteristics closely match FinFisher, a government-grade commercial surveillance package. Data about Wingbird activity indicate that it is typically used to attack individual computers instead of networks.

Cluster A Galaxy A Cluster B Galaxy B Level
NEODYMIUM - G0055 (025bdaa9-897d-4bad-afa6-013ba5734653) Intrusion Set NEODYMIUM (47b5007a-3fb1-466a-9578-629e6e735493) Microsoft Activity Group actor 1
NEODYMIUM (47b5007a-3fb1-466a-9578-629e6e735493) Microsoft Activity Group actor NEODYMIUM (ada08ea8-4517-4eea-aff1-3ad69e5466bb) Threat Actor 1
NEODYMIUM - G0055 (025bdaa9-897d-4bad-afa6-013ba5734653) Intrusion Set NEODYMIUM (ada08ea8-4517-4eea-aff1-3ad69e5466bb) Threat Actor 2
NEODYMIUM - G0055 (025bdaa9-897d-4bad-afa6-013ba5734653) Intrusion Set Wingbird - S0176 (a8d3d497-2da9-4797-8e0b-ed176be08654) Malware 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Wingbird - S0176 (a8d3d497-2da9-4797-8e0b-ed176be08654) Malware 3
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) Attack Pattern Wingbird - S0176 (a8d3d497-2da9-4797-8e0b-ed176be08654) Malware 3
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Wingbird - S0176 (a8d3d497-2da9-4797-8e0b-ed176be08654) Malware 3
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Wingbird - S0176 (a8d3d497-2da9-4797-8e0b-ed176be08654) Malware 3
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Wingbird - S0176 (a8d3d497-2da9-4797-8e0b-ed176be08654) Malware 3
Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern Wingbird - S0176 (a8d3d497-2da9-4797-8e0b-ed176be08654) Malware 3
Process Injection - T1055 (43e7dc91-05b2-474c-b9ac-2ed4fe101f4d) Attack Pattern Wingbird - S0176 (a8d3d497-2da9-4797-8e0b-ed176be08654) Malware 3
Exploitation for Privilege Escalation - T1068 (b21c3b2d-02e6-45b1-980b-e69051040839) Attack Pattern Wingbird - S0176 (a8d3d497-2da9-4797-8e0b-ed176be08654) Malware 3
Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern Wingbird - S0176 (a8d3d497-2da9-4797-8e0b-ed176be08654) Malware 3
LSASS Driver - T1547.008 (f0589bc3-a6ae-425a-a3d5-5659bfee07f4) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 4
File Deletion - T1070.004 (d63a3fb8-9452-4e9d-a60a-54be68d5998c) Attack Pattern Indicator Removal - T1070 (799ace7f-e227-4411-baa0-8868704f2a69) Attack Pattern 4
Windows Service - T1543.003 (2959d63f-73fd-46a1-abd2-109d7dcede32) Attack Pattern Create or Modify System Process - T1543 (106c0cf6-bf73-4601-9aa8-0945c2715ec5) Attack Pattern 4
DLL Side-Loading - T1574.002 (e64c62cf-9cd7-4a14-94ec-cdaac43ab44b) Attack Pattern Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6) Attack Pattern 4
Software Discovery - T1518 (e3b6daca-e963-4a69-aee6-ed4fd653ad58) Attack Pattern Security Software Discovery - T1518.001 (cba37adb-d6fb-4610-b069-dd04c0643384) Attack Pattern 4
System Services - T1569 (d157f9d2-d09a-4efa-bb2a-64963f94e253) Attack Pattern Service Execution - T1569.002 (f1951e8a-500e-4a26-8803-76d95c4554b4) Attack Pattern 4