🇨🇳
Comment Crew
APT Group
Information theft and espionage
12 zero-day CVEs
ETDA ✓
Also Known As (11 names)
APT1
Brown Fox
Byzantine Candor
COMMENT PANDA
Comment Group
G0006
GIF89a
Group 3
PLA Unit 61398
ShadyRAT
TG-8223
Target Countries (21)
Argentina
Australia
Belgium
Canada
Switzerland
Germany
France
Israel
India
Islamic Republic of Iran
Italy
Japan
Republic of Korea
Luxembourg
Norway
Singapore
Taiwan, Province of China
United States
Vietnam
South Africa
Zambia
Sectors Targeted (industry codes in parentheses are NAICS codes)
Computer Systems Design Services (NAICS 541512)
Transportation
Internet Publishing and Broadcasting and Web Search Portals (NAICS 51913)
High-Tech
Promoters of Performing Arts, Sports, and Similar Events (NAICS 7113)
Media
Food and Agriculture
Government
Mining
Chemical
Energy
IT
Convention and Trade Show Organizers (NAICS 56192)
Water Transportation (NAICS 483)
Financial
Civic and Social Organizations (NAICS 8134)
Navigation and lawyers
Telecommunications
Defense
Research
Construction
Non-profit organizations
Performing Arts Companies (NAICS 7111)
Human Resources Consulting Services (NAICS 541612)
Food Services and Drinking Places (NAICS 722)
Satellites
Healthcare
Engineering
Data Processing, Hosting, and Related Services (NAICS 51821)
Computer Systems Design and Related Services (NAICS 54151)
Commercial Banking (NAICS 52211)
Employment Placement Agencies and Executive Search Services (NAICS 56131)
Aerospace
Education
Performing Arts, Spectator Sports, and Related Industries (NAICS 711)
Manufacturing
Entertainment
Details
Origin: 🇨🇳 CN
Last Updated: 01 Jun 2022
Malware Families (15)
dairy
helauto
zhmimikatz
bangat
goggles
combos
bouncer
hacksfase
manitsme
getmail
mapiget
kurton
OceanSalt
cookiebag
auriga
MITRE ATT&CK (109 techniques)
T1001 - Data Obfuscation
T1002
T1003
T1003.001
T1005
T1007
T1012
T1016
T1021
T1021.001
T1027 - Obfuscated Files or Information
T1030 - Data Transfer Size Limits
T1031
T1036 - Masquerading
T1036.005
T1038 - DLL Search Order Hijacking
T1041
T1042
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.001 - At (Linux)
T1053.002 - At (Windows)
T1053.003 - Cron
T1053.006 - Systemd Timers
T1053.007 - Container Orchestration Job
T1055.001 - Dynamic-link Library Injection
T1055.002 - Portable Executable Injection
T1055.003 - Thread Execution Hijacking
T1055.004 - Asynchronous Procedure Call
T1055.008 - Ptrace System Calls
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001
T1059.003
T1060
T1064
T1067
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1071 - Application Layer Protocol
T1071.001
T1075
T1076
T1078
T1081
T1082
T1083
T1087
T1087.001
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1110.001 - Password Guessing
T1112
T1113 - Screen Capture
T1114
T1114.001
T1114.002
T1119 - Automated Collection
T1120
T1127 - Trusted Developer Utilities Proxy Execution
T1130
T1134 - Access Token Manipulation
T1135
T1140 - Deobfuscate/Decode Files or Information
T1176 - Browser Extensions
T1204
T1218
T1222 - File and Directory Permissions Modification
T1326
T1330
T1333
T1334
T1346
T1410 - Network Traffic Capture or Redirection
T1459 - Device Unlock Code Guessing or Brute Force
T1480 - Execution Guardrails
T1486 - Data Encrypted for Impact
T1489
T1490
T1497
T1546
T1547 - Boot or Logon Autostart Execution
T1550
T1550.002
T1552
T1553 - Subvert Trust Controls
T1560
T1560.001
T1562 - Impair Defenses
T1564
T1566 - Phishing
T1566.001
T1566.002
T1568 - Dynamic Resolution
T1569
T1574
T1583
T1583.001
T1584
T1584.001
T1585
T1585.002
T1588
T1588.001
T1588.002
T1590 - Gather Victim Network Information
TA0011 - Command and Control