Home > List all groups > List all tools > List all groups using tool Metel

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Metel

TypeReconnaissance, Backdoor, Credential stealer, Info stealer
Description(Kaspersky) Metel, the Russian word for blizzard, burrows its way into a financial organization using cleverly crafted spear phishing emails laced with malware, or luring victims to sites hosting the Niteris EK. The malware steals system information including process lists and screenshots, sending it to the attackers who evaluate whether the infected machine is interesting enough load the remainder of the Metel malware package.

The malware contains more than 30 modules—some homemade, some taken from publicly available sources. The attackers also use legitimate pen-testing tools such as mimikatz, which is freely available and used by analysts to extract plaintext passwords, hashes, PIN codes and Kerberos tickets from the memory of Windows machines.

Using this stolen data, the attackers are available to pivot internally, stealing credentials until they landed on a domain controller. With the reins of a domain controller, the attackers could extend their reach onto any machine.

Last change to this tool card: 20 April 2020

Download this tool card in JSON format

Previous: Metasploit Stager
Next: Meterpreter

All groups using tool Metel


APT groups

 Corkow, MetelRussia2011 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key