🇨🇳
Camaro Dragon
APT Group
Information theft and espionage
6 zero-day CVEs
ETDA ✓
Also Known As
No alias recorded
Target Countries 1
United States
Sectors Targeted
Details
Origin
🇨🇳 CN
Last Updated
28 Oct 2023
MITRE ATT&CK (181 entries)
T1001
T1001.003
T1003
T1003.001
T1003.003
T1003.006
T1005 - Data from Local System
T1011 - Exfiltration Over Other Network Medium
T1012 - Query Registry
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1016.001 - Internet Connection Discovery
T1018 - Remote System Discovery
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1021.006 - Windows Remote Management
T1027 - Obfuscated Files or Information
T1027.001
T1027.007
T1027.012
T1027.013
T1027.016
T1030
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.003 - Rename System Utilities
T1036.004
T1036.005
T1036.007
T1036.008
T1037 - Boot or Logon Initialization Scripts
T1041
T1045 - Software Packing
T1046
T1047
T1048
T1048.003
T1049 - System Network Connections Discovery
T1052
T1052.001
T1053
T1053.005
T1055 - Process Injection
T1056 - Input Capture
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.005
T1059.007
T1060 - Registry Run Keys / Startup Folder
T1064
T1068 - Exploitation for Privilege Escalation
T1069
T1069.002
T1070 - Indicator Removal on Host
T1070.004
T1070.006
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1072
T1074
T1074.001
T1078 - Valid Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087
T1087.002
T1090
T1090.003 - Multi-hop Proxy
T1091
T1095 - Non-Application Layer Protocol
T1102
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1110.004 - Credential Stuffing
T1112
T1113 - Screen Capture
T1115 - Clipboard Data
T1119
T1124 - System Time Discovery
T1127 - Trusted Developer Utilities Proxy Execution
T1127.001 - MSBuild
T1129
T1132
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1176 - Browser Extensions
T1176.002
T1189 - Drive-by Compromise
T1195
T1203
T1204 - User Execution
T1204.001
T1204.002 - Malicious File
T1205
T1218 - Signed Binary Proxy Execution
T1218.004
T1218.005 - Mshta
T1218.007
T1218.014
T1219
T1219.001
T1219.002
T1480
T1489 - Service Stop
T1490 - Inhibit System Recovery
T1495 - Firmware Corruption
T1497 - Virtualization/Sandbox Evasion
T1505 - Server Software Component
T1505.003
T1518 - Software Discovery
T1528 - Steal Application Access Token
T1530 - Data from Cloud Storage Object
T1539
T1543 - Create or Modify System Process
T1546
T1546.003
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1552
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1555 - Credentials from Password Stores
T1557
T1557.002
T1560 - Archive Collected Data
T1560.001
T1560.003
T1562 - Impair Defenses
T1564
T1564.001
T1566 - Phishing
T1566.001
T1566.002
T1567
T1567.002
T1569 - System Services
T1571 - Non-Standard Port
T1572
T1573 - Encrypted Channel
T1573.001
T1573.002 - Asymmetric Cryptography
T1574 - Hijack Execution Flow
T1574.001
T1574.002 - DLL Side-Loading
T1574.005
T1583
T1583.001
T1583.005 - Botnet
T1583.006
T1585
T1585.002
T1586
T1586.002
T1587
T1587.001
T1588
T1588.001
T1588.002
T1588.003
T1588.004
T1593
T1598
T1598.003
T1608
T1608.001
T1608.004
T1608.005
T1622
T1654
T1678
TA0001 - Initial Access
TA0003 - Persistence
TA0005 - Defense Evasion
TA0006 - Credential Access
TA0007 - Discovery
TA0011 - Command and Control