No high-confidence, content-supported description is available for a threat actor named “origami_elephant” in the provided material. The content only mentions “Origami Elephant” as an APT codebase/source referenced within Mysterious Elephant malware (i.e., Kaspersky found Mysterious Elephant malware containing code from multiple APT groups, including Origami Elephant) and notes that an early Mysterious Elephant downloader (“Vtyrei”) was previously connected to Origami Elephant. No direct details are provided about Origami Elephant’s targeting, TTPs, tooling, infrastructure, geography, or attribution beyond these references.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
8 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
1 malware family attributed to this actor across reporting.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Referenced as an APT whose tooling/code (including the Vtyrei downloader) was historically used by Origami Elephant and later adopted/maintained by Mysterious Elephant.
Cluster associated with downloader/backdoor development and limited targeting in Pakistan and Afghanistan; includes CSVtyrei downloader and Firebird .NET backdoor protected with ConfuserEx.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.