Poseidon Group (5fc09923-fcff-4e81-9cae-4518ef31cf4d)

Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from victims to blackmail victim companies into contracting the Poseidon Group as a security firm.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Poseidon Group (5fc09923-fcff-4e81-9cae-4518ef31cf4d) | Threat Actor | Poseidon Group - G0033 (7ecc3b4f-5cdb-457e-b55a-df376b359446) | Intrusion Set | 1 |
| OS Credential Dumping - T1003 (0a3ead4e-6d47-4ccb-854c-a6a4f9d96b22) | Attack Pattern | Poseidon Group - G0033 (7ecc3b4f-5cdb-457e-b55a-df376b359446) | Intrusion Set | 2 |
| Poseidon Group - G0033 (7ecc3b4f-5cdb-457e-b55a-df376b359446) | Intrusion Set | Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | 2 |
| System Network Connections Discovery - T1049 (7e150503-88e7-4861-866b-ff1ac82c4475) | Attack Pattern | Poseidon Group - G0033 (7ecc3b4f-5cdb-457e-b55a-df376b359446) | Intrusion Set | 2 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | Poseidon Group - G0033 (7ecc3b4f-5cdb-457e-b55a-df376b359446) | Intrusion Set | 2 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | Poseidon Group - G0033 (7ecc3b4f-5cdb-457e-b55a-df376b359446) | Intrusion Set | 2 |
| System Service Discovery - T1007 (322bad5a-1c49-4d23-ab79-76d641794afa) | Attack Pattern | Poseidon Group - G0033 (7ecc3b4f-5cdb-457e-b55a-df376b359446) | Intrusion Set | 2 |
| Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | Poseidon Group - G0033 (7ecc3b4f-5cdb-457e-b55a-df376b359446) | Intrusion Set | 2 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | Poseidon Group - G0033 (7ecc3b4f-5cdb-457e-b55a-df376b359446) | Intrusion Set | 2 |
| Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | Local Account - T1087.001 (25659dd6-ea12-45c4-97e6-381e3e4b593e) | Attack Pattern | 3 |
| PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) | Attack Pattern | Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) | Attack Pattern | 3 |
| Domain Account - T1087.002 (21875073-b0ee-49e3-9077-1e2a885359af) | Attack Pattern | Account Discovery - T1087 (72b74d71-8169-42aa-92e0-e7b04b9f5a08) | Attack Pattern | 3 |
| Match Legitimate Name or Location - T1036.005 (1c4e5d32-1fe9-4116-9d9d-59e3925bd6a2) | Attack Pattern | Masquerading - T1036 (42e8de7b-37b2-4258-905a-6897815e58e0) | Attack Pattern | 3 |