🇨🇳
Mirage
APT Group
Information theft and espionage
15 zero-day CVEs
ETDA ✓
Also Known As 16 names
APT15
BRONZE DAVENPORT
BRONZE IDLEWOOD
BRONZE PALACE
G0004
Ke3Chang
Lurid
Metushy
NICKEL
Nylon Typhoon
Playful Dragon
Red Vulture
Royal APT
Social Network Team
VIXEN PANDA
APT 15
Target Countries 55
Countries highlighted in red
Afghanistan
Albania
Argentina
Bosnia and Herzegovina
Barbados
Belgium
Bulgaria
Brazil
Bhutan
Switzerland
Chile
China
Colombia
Germany
Dominican Republic
Ecuador
Egypt
France
United Kingdom
Georgia
Ghana
Guatemala
Honduras
Croatia
Hungary
Indonesia
India
Islamic Republic of Iran
Italy
Jamaica
Kuwait
Kazakhstan
Sri Lanka
Libya
Montenegro
Mali
Mexico
Malaysia
Namibia
Nigeria
Panama
Peru
Pakistan
Poland
Portugal
Saudi Arabia
Slovenia
Slovakia
El Salvador
Turkey
Trinidad and Tobago
United States
Uzbekistan
Bolivarian Republic of Venezuela
South Africa
Sectors Targeted
Manufacturing
Uyghur communities
Embassies
Government
Mining
Food Services and Drinking Places
722
High-Tech
Energy
Computer Systems Design Services
541512
Data Processing, Hosting, and Related Services
51821
Chemical
Aviation
Aerospace
Oil and gas
Human Resources Consulting Services
541612
Telecommunications
Industrial
Utilities
Defense
Details
Origin
🇨🇳 CN
Last Updated
06 Aug 2025
Malware Families 10
dilljuice
zhmimikatz
ketrican
ketrum
royal_dns
exchange_tool
royalcli
whitebird
tidepool
bs2005
MITRE ATT&CK 164
T1001 - Data Obfuscation
T1003 - OS Credential Dumping
T1003.001
T1003.002
T1003.003 - NTDS
T1003.004
T1004 - Winlogon Helper DLL
T1005 - Data from Local System
T1007 - System Service Discovery
T1008
T1010 - Application Window Discovery
T1011
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1020
T1021
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1021.006 - Windows Remote Management
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.002
T1036.004
T1036.005
T1038 - DLL Search Order Hijacking
T1040
T1041
T1046
T1047
T1048
T1049
T1053 - Scheduled Task/Job
T1053.001 - At (Linux)
T1053.002 - At (Windows)
T1053.003 - Cron
T1053.006 - Systemd Timers
T1053.007 - Container Orchestration Job
T1055 - Process Injection
T1055.001 - Dynamic-link Library Injection
T1055.002 - Portable Executable Injection
T1055.003 - Thread Execution Hijacking
T1055.004 - Asynchronous Procedure Call
T1055.008 - Ptrace System Calls
T1056 - Input Capture
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003
T1060
T1069
T1069.002 - Domain Groups
T1070 - Indicator Removal on Host
T1071
T1071.001 - Web Protocols
T1071.004 - DNS
T1074 - Data Staged
T1074.001 - Local Data Staging
T1078 - Valid Accounts
T1078.002 - Domain Accounts
T1078.004
T1081
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1085
T1087 - Account Discovery
T1087.001
T1087.002 - Domain Account
T1090
T1090.003
T1095
T1102
T1105 - Ingress Tool Transfer
T1106
T1112 - Modify Registry
T1113
T1114
T1114.001
T1114.002
T1115 - Clipboard Data
T1119
T1120
T1124
T1129 - Shared Modules
T1130
T1132 - Data Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1137
T1140 - Deobfuscate/Decode Files or Information
T1156 - Malicious Shell Modification
T1170
T1190 - Exploit Public-Facing Application
T1199
T1201
T1204
T1204.002
T1211 - Exploitation for Defense Evasion
T1213 - Data from Information Repositories
T1213.002
T1217
T1218 - Signed Binary Proxy Execution
T1222 - File and Directory Permissions Modification
T1418
T1422
T1426
T1430
T1437
T1454 - Malicious SMS Message
T1476 - Deliver Malicious App via Other Means
T1489
T1490 - Inhibit System Recovery
T1495
T1496 - Resource Hijacking
T1497 - Virtualization/Sandbox Evasion
T1497.003
T1498 - Network Denial of Service
T1503
T1505
T1505.003 - Web Shell
T1509
T1518 - Software Discovery
T1530
T1533
T1539
T1543 - Create or Modify System Process
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1547.001
T1548.002 - Bypass User Account Control
T1552
T1553 - Subvert Trust Controls
T1555
T1558
T1558.001
T1560
T1560.001 - Archive via Utility
T1562.001
T1566
T1566.001
T1569 - System Services
T1569.002
T1571
T1573 - Encrypted Channel
T1574
T1574.001
T1574.002 - DLL Side-Loading
T1583 - Acquire Infrastructure
T1583.003
T1583.005
T1587
T1587.001
T1588
T1588.001
T1588.002 - Tool
T1588.004 - Digital Certificates
T1592.004 - Client Configurations
T1596.001 - DNS/Passive DNS
T1596.004 - CDNs
T1614 - System Location Discovery
T1614.001