Operation LiberalFace

APT Group | Information theft and espionage | ETDA ✓

Also Known As

No alias recorded

Target Countries 2

Japan
United States

Details

Origin 🇨🇳 CN
Last Updated 11 May 2024

Malware Families 2

anel
ASYNCRAT

MITRE ATT&CK 40

T1003 - OS Credential Dumping
T1021.002 - SMB/Windows Admin Shares
T1027 - Obfuscated Files or Information
T1036 - Masquerading
T1039 - Data from Network Shared Drive
T1047 - Windows Management Instrumentation
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1059
T1059.005 - Visual Basic
T1070.001 - Clear Windows Event Logs
T1070.004 - File Deletion
T1070.006 - Timestomp
T1071.004 - DNS
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1102 - Web Service
T1104 - Multi-Stage Channels
T1112 - Modify Registry
T1113 - Screen Capture
T1127.001 - MSBuild
T1132 - Data Encoding
T1133 - External Remote Services
T1134.002 - Create Process with Token
T1140 - Deobfuscate/Decode Files or Information
T1204 - User Execution
T1210
T1486
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1560.001 - Archive via Utility
T1562.001 - Disable or Modify Tools
T1562.004 - Disable or Modify System Firewall
T1564 - Hide Artifacts
T1566 - Phishing
T1566.001
T1568 - Dynamic Resolution
T1568.002 - Domain Generation Algorithms
T1573.002 - Asymmetric Cryptography

Related Zero-Days

No zero-day CVE linked to this actor