🇨🇳
APT31
APT Group
Information theft and espionage
9 zero-day CVEs
Also Known As (8 names)
APT 31
BRONZE VINEWOOD
JUDGMENT PANDA
Red keres
TA412
Violet Typhoon
ZIRCONIUM
Zirconium
Target Countries (17)
Brazil
Belarus
Canada
Chile
Czech Republic
Finland
France
United Kingdom
Hong Kong
Japan
Mongolia
Norway
New Zealand
Russian Federation
United States
South Africa
Zambia
Sectors Targeted (sector name followed by its NAICS code)
Employment Placement Agencies and Executive Search Services (NAICS 56131)
Computer Systems Design and Related Services (NAICS 5415)
Utilities (NAICS 22)
Computer Systems Design and Related Services (NAICS 54151)
Professional, Scientific, and Technical Services (NAICS 54)
NAICS 813311
Public Administration (NAICS 92)
NAICS 8131
Finance and Insurance (NAICS 52)
Information (NAICS 51)
Publishing Industries (except Internet) (NAICS 511)
Management Consulting Services (NAICS 54161)
Freight Transportation Arrangement (NAICS 48851)
Computer Systems Design Services (NAICS 541512)
Advertising Agencies (NAICS 54181)
Management, Scientific, and Technical Consulting Services (NAICS 5416)
Justice, Public Order, and Safety Activities (NAICS 9221)
National Security and International Affairs (NAICS 9281)
Construction (NAICS 23)
Space Research and Technology (NAICS 927)
Food Services and Drinking Places (NAICS 722)
Newspaper Publishers (NAICS 51111)
Educational Services (NAICS 61)
Health Care and Social Assistance (NAICS 62)
NAICS 31
Telecommunications (NAICS 517)
Civic and Social Organizations (NAICS 8134)
Data Processing, Hosting, and Related Services (NAICS 51821)
Family Clothing Stores (NAICS 44814)
Executive, Legislative, and Other General Government Support (NAICS 9211)
Details
Origin: 🇨🇳 CN
Last Updated: 14 Jul 2025
Malware Families (4)
win.dragonbreath
sowat
stealer_0x3401
yarat
MITRE ATT&CK (118 techniques)
T1003 - OS Credential Dumping
T1003.002 - Security Account Manager
T1003.008 - /etc/passwd and /etc/shadow
T1005 - Data from Local System
T1012
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1033 - System Owner/User Discovery
T1036
T1036.004
T1041
T1046 - Network Service Scanning
T1047 - Windows Management Instrumentation
T1049 - System Network Connections Discovery
T1052
T1053
T1053.005 - Scheduled Task
T1055 - Process Injection
T1055.003 - Thread Execution Hijacking
T1055.009 - Proc Memory
T1056 - Input Capture
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.004 - Unix Shell
T1059.006
T1068 - Exploitation for Privilege Escalation
T1070
T1070.001 - Clear Windows Event Logs
T1070.004 - File Deletion
T1070.006
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1078 - Valid Accounts
T1078.004 - Cloud Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1090 - Proxy
T1090.001 - Internal Proxy
T1090.003 - Multi-hop Proxy
T1095
T1102 - Web Service
T1102.002
T1105 - Ingress Tool Transfer
T1106
T1110
T1113
T1124
T1127 - Trusted Developer Utilities Proxy Execution
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1136 - Create Account
T1136.001 - Local Account
T1140 - Deobfuscate/Decode Files or Information
T1176
T1190 - Exploit Public-Facing Application
T1195
T1195.001 - Compromise Software Dependencies and Development Tools
T1199
T1201
T1202 - Indirect Command Execution
T1203 - Exploitation for Client Execution
T1204
T1204.001
T1205.002
T1213 - Data from Information Repositories
T1218
T1218.007
T1496
T1497 - Virtualization/Sandbox Evasion
T1498 - Network Denial of Service
T1505.003 - Web Shell
T1518.001 - Security Software Discovery
T1530 - Data from Cloud Storage Object
T1543
T1543.003 - Windows Service
T1543.004 - Launch Daemon
T1547 - Boot or Logon Autostart Execution
T1547.001
T1550.002 - Pass the Hash
T1552.001 - Credentials In Files
T1555
T1555.003
T1560 - Archive Collected Data
T1562
T1562.001 - Disable or Modify Tools
T1562.004 - Disable or Modify System Firewall
T1564 - Hide Artifacts
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002
T1567 - Exfiltration Over Web Service
T1567.002 - Exfiltration to Cloud Storage
T1570 - Lateral Tool Transfer
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1573.001 - Symmetric Cryptography
T1574
T1574.001 - DLL Search Order Hijacking
T1574.002 - DLL Side-Loading
T1583
T1583.001
T1583.006
T1584
T1584.008
T1588.002 - Tool
T1590 - Gather Victim Network Information
T1598
T1598.003
T1665