🇨🇳
GhostNet
APT Group
Information theft and espionage
5 zero-day CVEs
ETDA ✓
Also Known As 1 names
Snooping Dragon
Target Countries 20
Countries highlighted in red
Barbados
Bangladesh
Bhutan
Canada
China
Cyprus
Germany
Indonesia
India
Islamic Republic of Iran
Republic of Korea
Latvia
Malta
Philippines
Pakistan
Portugal
Romania
Thailand
Province of China Taiwan
United States
Sectors Targeted
Government
Embassies
Promoters of Performing Arts, Sports, and Similar Events
7113
Financial
Offices of Certified Public Accountants
541211
Motion Picture and Video Production
51211
NGOs
Media
Details
Origin
🇨🇳 CN
Last Updated
01 Jun 2022
MITRE ATT&CK 104
T1003
T1003.001 - LSASS Memory
T1005 - Data from Local System
T1007
T1008
T1011
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1021
T1021.001 - Remote Desktop Protocol
T1027 - Obfuscated Files or Information
T1029
T1033 - System Owner/User Discovery
T1036
T1036.005 - Match Legitimate Name or Location
T1041 - Exfiltration Over C2 Channel
T1047
T1048
T1049
T1053
T1055 - Process Injection
T1056.001 - Keylogging
T1057 - Process Discovery
T1059
T1059.001
T1059.003 - Windows Command Shell
T1060
T1068 - Exploitation for Privilege Escalation
T1070
T1070.004 - File Deletion
T1071
T1071.001
T1074.001 - Local Data Staging
T1078 - Valid Accounts
T1081
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1085
T1087
T1090 - Proxy
T1095
T1102
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1112 - Modify Registry
T1113 - Screen Capture
T1114
T1114.001
T1115
T1119
T1120
T1124
T1127
T1130
T1132
T1133
T1136
T1137
T1140 - Deobfuscate/Decode Files or Information
T1170
T1176
T1190
T1199
T1204 - User Execution
T1204.002
T1217
T1218 - Signed Binary Proxy Execution
T1218.011 - Rundll32
T1485
T1486
T1489
T1490 - Inhibit System Recovery
T1497
T1497.003
T1498 - Network Denial of Service
T1503
T1518
T1518.001 - Security Software Discovery
T1529
T1530
T1531
T1539
T1543
T1547
T1547.001 - Registry Run Keys / Startup Folder
T1550
T1552
T1552.001 - Credentials In Files
T1553 - Subvert Trust Controls
T1555
T1560
T1561
T1562
T1562.001 - Disable or Modify Tools
T1564.001 - Hidden Files and Directories
T1566 - Phishing
T1566.001
T1571
T1573
T1574.002 - DLL Side-Loading
T1583
T1587
T1595