Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384)

Silent Librarian is a group that has targeted research and proprietary data at universities, government agencies, and private sector companies worldwide since at least 2013. Members of Silent Librarian are known to have been affiliated with the Iran-based Mabna Institute, which has conducted cyber intrusions at the behest of the government of Iran, specifically the Islamic Revolutionary Guard Corps (IRGC).(Citation: DOJ Iran Indictments March 2018)(Citation: Phish Labs Silent Librarian)(Citation: Malwarebytes Silent Librarian October 2020)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) | Attack Pattern | Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384) | Intrusion Set | 1 |
| Search Victim-Owned Websites - T1594 (16cdd21f-da65-4e4f-bc04-dd7d198c7b26) | Attack Pattern | Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384) | Intrusion Set | 1 |
| Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) | Attack Pattern | Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384) | Intrusion Set | 1 |
| Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384) | Intrusion Set | Link Target - T1608.005 (84ae8255-b4f4-4237-b5c5-e717405a9701) | Attack Pattern | 1 |
| Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384) | Intrusion Set | Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) | Attack Pattern | 1 |
| Valid Accounts - T1078 (b17a1a56-e99c-403c-8948-561df0cffe81) | Attack Pattern | Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384) | Intrusion Set | 1 |
| Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) | Attack Pattern | Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384) | Intrusion Set | 1 |
| Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384) | Intrusion Set | Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) | Attack Pattern | 1 |
| Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) | Attack Pattern | Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384) | Intrusion Set | 1 |
| Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) | Attack Pattern | Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384) | Intrusion Set | 1 |
| Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384) | Intrusion Set | Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) | Attack Pattern | 1 |
| Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384) | Intrusion Set | Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) | Attack Pattern | 1 |
| Silent Librarian - G0122 (90784c1e-4aba-40eb-9adf-7556235e6384) | Intrusion Set | Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156) | Attack Pattern | 1 |
| Spearphishing Link - T1598.003 (2d3f5b3c-54ca-4f4d-bb1f-849346d31230) | Attack Pattern | Phishing for Information - T1598 (cca0ccb6-a068-4574-a722-b1556f86833a) | Attack Pattern | 2 |
| Email Addresses - T1589.002 (69f897fd-12a9-4c89-ad6a-46d2f3c38262) | Attack Pattern | Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) | Attack Pattern | 2 |
| Link Target - T1608.005 (84ae8255-b4f4-4237-b5c5-e717405a9701) | Attack Pattern | Stage Capabilities - T1608 (84771bc3-f6a0-403e-b144-01af70e5fda0) | Attack Pattern | 2 |
| Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) | Attack Pattern | Digital Certificates - T1588.004 (19401639-28d0-4c3c-adcc-bc2ba22f6421) | Attack Pattern | 2 |
| Email Accounts - T1585.002 (65013dd2-bc61-43e3-afb5-a14c4fa7437a) | Attack Pattern | Establish Accounts - T1585 (cdfc5f0a-9bb9-4352-b896-553cfa2d8fd8) | Attack Pattern | 2 |
| Email Collection - T1114 (1608f3e1-598a-42f4-a01a-2e252e81728f) | Attack Pattern | Email Forwarding Rule - T1114.003 (7d77a07d-02fe-4e88-8bd9-e9c008c01bf0) | Attack Pattern | 2 |
| Password Spraying - T1110.003 (692074ae-bb62-4a5e-a735-02cb6bde458c) | Attack Pattern | Brute Force - T1110 (a93494bb-4b80-4ea1-8695-3236a49916fd) | Attack Pattern | 2 |
| Domains - T1583.001 (40f5caa0-4cb7-4117-89fc-d421bb493df3) | Attack Pattern | Acquire Infrastructure - T1583 (0458aab9-ad42-4eac-9e22-706a95bafee2) | Attack Pattern | 2 |
| Obtain Capabilities - T1588 (ce0687a0-e692-4b77-964a-0784a8e54ff1) | Attack Pattern | Tool - T1588.002 (a2fdce72-04b2-409a-ac10-cc1695f4fce0) | Attack Pattern | 2 |
| Gather Victim Identity Information - T1589 (5282dd9a-d26d-4e16-88b7-7c0f4553daf4) | Attack Pattern | Employee Names - T1589.003 (76551c52-b111-4884-bc47-ff3e728f0156) | Attack Pattern | 2 |