🇨🇳
Naikon
APT Group
Information theft and espionage
11 zero-day CVEs
ETDA ✓
Also Known As 8 names
BRONZE GENEVA
BRONZE STERLING
Camerashy
G0013
G0019
Naikon
OVERRIDE PANDA
PLA Unit 78020
Target Countries 18
Countries highlighted in red
Australia
Bhutan
China
Finland
Indonesia
India
Japan
Cambodia
Republic of Korea
Myanmar
Malaysia
Nepal
Philippines
Saudi Arabia
Singapore
Thailand
United States
Vietnam
Sectors Targeted
Law enforcement
Government
Media
Energy
Defense
Details
Origin
🇨🇳 CN
Last Updated
01 Jun 2022
Malware Families 1
ariabody
MITRE ATT&CK 135
T1001 - Data Obfuscation
T1001.001
T1001.003
T1003 - OS Credential Dumping
T1003.002
T1005 - Data from Local System
T1007 - System Service Discovery
T1008
T1010 - Application Window Discovery
T1011
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1016.001
T1018
T1021
T1027 - Obfuscated Files or Information
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.004
T1036.005
T1041 - Exfiltration Over C2 Channel
T1046
T1047
T1048
T1048.003
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.005
T1055 - Process Injection
T1056 - Input Capture
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001
T1059.003 - Windows Command Shell
T1060
T1070 - Indicator Removal on Host
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1074
T1074.001
T1078 - Valid Accounts
T1078.002
T1081
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1085
T1087 - Account Discovery
T1087.001
T1087.002
T1090 - Proxy
T1090.001
T1090.003
T1095
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110
T1112 - Modify Registry
T1113 - Screen Capture
T1114
T1114.001
T1115 - Clipboard Data
T1119
T1120
T1124 - System Time Discovery
T1127
T1129 - Shared Modules
T1130
T1132
T1133
T1134 - Access Token Manipulation
T1136 - Create Account
T1137
T1137.006
T1140 - Deobfuscate/Decode Files or Information
T1170
T1176
T1190
T1199
T1201
T1204 - User Execution
T1204.002 - Malicious File
T1213 - Data from Information Repositories
T1217
T1218 - Signed Binary Proxy Execution
T1219
T1219.002
T1222 - File and Directory Permissions Modification
T1482
T1485
T1486
T1489
T1490 - Inhibit System Recovery
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1497.003
T1498 - Network Denial of Service
T1503
T1518 - Software Discovery
T1518.001
T1526 - Cloud Service Discovery
T1529
T1530
T1531
T1539
T1543 - Create or Modify System Process
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1550
T1552
T1553 - Subvert Trust Controls
T1555
T1560
T1560.001
T1560.003
T1561
T1562
T1562.001
T1566 - Phishing
T1566.001
T1569 - System Services
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1574.001
T1574.002 - DLL Side-Loading
T1583
T1587
T1588
T1588.002
T1595
T1614 - System Location Discovery