Skip to content

Hide Navigation Hide TOC

Stealth Falcon (dab75e38-6969-4e78-9304-dc269c3cbcf0)

This threat actor targets civil society groups and Emirati journalists, activists, and dissidents.

Cluster A Galaxy A Cluster B Galaxy B Level
Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set Stealth Falcon (dab75e38-6969-4e78-9304-dc269c3cbcf0) Threat Actor 1
Windows Management Instrumentation - T1047 (01a5a209-b94c-450b-b7f9-946497d91055) Attack Pattern Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set 2
System Owner/User Discovery - T1033 (03d7999c-1f4c-42cc-8373-e7690d318104) Attack Pattern Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set 2
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set 2
System Network Configuration Discovery - T1016 (707399d6-ab3e-4963-9315-d9d3818cd6a0) Attack Pattern Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set 2
Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern 2
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set 2
Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set 2
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set 2
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set 2
Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set 2
Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern 2
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set 2
Data from Local System - T1005 (3c4a2599-71ee-4405-ba1e-0e28414b4bc5) Attack Pattern Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set 2
Stealth Falcon - G0038 (894aab42-3371-47b1-8859-a4a074c804c8) Intrusion Set Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern 2
Symmetric Cryptography - T1573.001 (24bfaeba-cb0d-4525-b3dc-507c77ecec41) Attack Pattern Encrypted Channel - T1573 (b8902400-e6c5-4ba2-95aa-2d35b442b118) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Credentials from Web Browsers - T1555.003 (58a3e6aa-4453-4cc8-a51f-4befe80b31a8) Attack Pattern 3
PowerShell - T1059.001 (970a3432-3237-47ad-bcca-7d8cbb217736) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Credentials from Password Stores - T1555 (3fc9b85a-2862-4363-a64d-d692e3ffbee0) Attack Pattern Windows Credential Manager - T1555.004 (d336b553-5da9-46ca-98a8-0b23f49fb447) Attack Pattern 3
Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern 3
Scheduled Task - T1053.005 (005a06c6-14bf-4118-afa0-ebcd8aebb0c9) Attack Pattern Scheduled Task/Job - T1053 (35dd844a-b219-4e2b-a6bb-efa9a75995a9) Attack Pattern 3