PhantomControl

Also known as: PhantomControl

Profile

PhantomControl is a sophisticated threat actor that emerged in November 2023. They utilize phishing emails as their initial infection vector and employ a ScreenConnect client to establish a connection for their malicious activities. Their arsenal includes a VBS script that hides its true intentions and reveals a complex mechanism involving PowerShell scripts and image-based data retrieval. PhantomControl has been associated with the Blind Eagle threat actors, showcasing their versatility and reach.

References

  1. https://www.esentire.com/blog/phantomcontrol-returns-with-ande-loader-and-swaetrat
  2. https://www.esentire.com/blog/operation-phantomcontrol
  3. https://securityonline.info/esentire-vs-phantom-unveiling-the-cyber-spooks-dance-of-darkness/

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: GhostEmperor
Actor: GhostRedirector
Actor: SHADOW-VOID-042
Actor: PurpleHaze
Actor: BatShadow
Actor: UAC-0099

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.