← All Threat Actors
Threat Actor Profile

Metador

G1013
▲ High Threat
Metador primarily targets telecommunications, internet service providers, and universities in several countries in the Middle East and Africa. Metador’s attack chains are designed to bypass native security solutions while deploying malware platforms directly into memory. SentinelLabs researchers discovered variants of two long-standing Windows malware platforms, and indications of an additional Linux implant.
Origin

Known TTPs

Web Protocols
Windows Command Shell
Malware
Windows Management Instrumentation Event Subscription
Encrypted/Encoded File
File Deletion
Non-Application Layer Protocol
Tool
Ingress Tool Transfer

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD