The White Company

Introduction

The White Company is a likely state-sponsored threat actor with advanced capabilities. From 2017 through 2018, the group led an espionage campaign called Operation Shaheen targeting government and military organizations in Pakistan. Cylance Shaheen Nov 2018

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

• T1027.002 Software Packing
• T1518.001 Security Software Discovery
• T1203 Exploitation for Client Execution
• T1070.004 File Deletion
• T1566.001 Spearphishing Attachment
• T1204.002 Malicious File
• T1124 System Time Discovery

ATT&CK technique IDs (denormalized)

• T1027.002
• T1070.004
• T1124
• T1203
• T1204.002
• T1518.001
• T1566.001

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

• CyberGate:
• Cyber Eye RAT:

MITRE ATT&CK Software

• Revenge RAT (S0379) — malware
• NETWIRE (S0198) — malware

Attribution and Evidence

Information pending cataloguing.

References

[1] mitre-attack [2] Cylance Shaheen Nov 2018 Livelli, K, et al. (2018, November 12). Operation Shaheen. Retrieved May 1, 2019. [3] Cylance Shaheen Nov 2018