🇨🇳
BRONZE HIGHLAND
APT Group
Information theft and espionage
3 zero-day CVEs
ETDA ✓
Also Known As (2 names)
Daggerfly
Evasive Panda
Target Countries (19)
Afghanistan
Australia
Central African Republic
China
France
Hong Kong
Indonesia
India
Republic of Korea
Myanmar
Macao
Malaysia
Nigeria
Philippines
Turkey
Taiwan, Province of China
United States
Vietnam
South Africa
Sectors Targeted
Management, Scientific, and Technical Consulting Services (NAICS 5416)
Individuals
Educational Support Services (NAICS 6117)
Computer Systems Design and Related Services (NAICS 54151)
Telecommunications
Government
human rights and pro-democracy advocates
Universities
Computer Systems Design Services (NAICS 541512)
Details
Origin
🇨🇳 CN
Last Updated
05 Aug 2024
Malware Families (10)
sorgu
unidentified_075
win.suzafk
win.cloud_scout
SparkKitty
cdds
dazzle_spy
NewCore
darkstrat
SparkCat
MITRE ATT&CK (128 techniques)
T1001 - Data Obfuscation
T1003 - OS Credential Dumping
T1003.002 - Security Account Manager
T1005 - Data from Local System
T1009 - Binary Padding
T1012 - Query Registry
T1014 - Rootkit
T1016 - System Network Configuration Discovery
T1020 - Automated Exfiltration
T1021 - Remote Services
T1021.004 - SSH
T1025 - Data from Removable Media
T1027 - Obfuscated Files or Information
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.003 - Rename System Utilities
T1036.004 - Masquerade Task or Service
T1036.005 - Match Legitimate Name or Location
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1045 - Software Packing
T1047 - Windows Management Instrumentation
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056 - Input Capture
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.004 - Unix Shell
T1059.006 - Python
T1059.007 - JavaScript
T1064 - Scripting
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1070.004 - File Deletion
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.004 - DNS
T1074 - Data Staged
T1076 - Remote Desktop Protocol
T1078.001 - Default Accounts
T1078.003 - Local Accounts
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087 - Account Discovery
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1102 - Web Service
T1105 - Ingress Tool Transfer
T1106 - Native API
T1107 - File Deletion
T1112 - Modify Registry
T1113 - Screen Capture
T1114 - Email Collection
T1114.002 - Remote Email Collection
T1115 - Clipboard Data
T1116 - Code Signing
T1119 - Automated Collection
T1123 - Audio Capture
T1132 - Data Encoding
T1133 - External Remote Services
T1134 - Access Token Manipulation
T1136 - Create Account
T1136.001 - Local Account
T1140 - Deobfuscate/Decode Files or Information
T1176 - Browser Extensions
T1189 - Drive-by Compromise
T1190 - Exploit Public-Facing Application
T1194 - Spearphishing via Service
T1195 - Supply Chain Compromise
T1195.002 - Compromise Software Supply Chain
T1199 - Trusted Relationship
T1204 - User Execution
T1204.001 - Malicious Link
T1207 - Rogue Domain Controller
T1218 - System Binary Proxy Execution
T1218.011 - Rundll32
T1490 - Inhibit System Recovery
T1495 - Firmware Corruption
T1496 - Resource Hijacking
T1518 - Software Discovery
T1530 - Data from Cloud Storage Object
T1539 - Steal Web Session Cookie
T1543 - Create or Modify System Process
T1543.002 - Systemd Service
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1548 - Abuse Elevation Control Mechanism
T1548.002 - Bypass User Account Control
T1550.004 - Web Session Cookie
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1553.003 - SIP and Trust Provider Hijacking
T1555 - Credentials from Password Stores
T1557.001 - LLMNR/NBT-NS Poisoning and SMB Relay
T1557.002 - ARP Cache Poisoning
T1558.003 - Kerberoasting
T1560 - Archive Collected Data
T1560.001 - Archive via Utility
T1562 - Impair Defenses
T1565.001 - Stored Data Manipulation
T1566 - Phishing
T1567 - Exfiltration Over Web Service
T1568 - Dynamic Resolution
T1569 - System Services
T1569.002 - Service Execution
T1571 - Non-Standard Port
T1572 - Protocol Tunneling
T1573 - Encrypted Channel
T1574 - Hijack Execution Flow
T1574.001 - DLL Search Order Hijacking
T1574.002 - DLL Side-Loading
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.003 - Virtual Private Server
T1583.004 - Server
T1584 - Compromise Infrastructure
T1584.004 - Server
T1585 - Establish Accounts
T1587 - Develop Capabilities
T1587.001 - Malware
T1587.002 - Code Signing Certificates
T1592 - Gather Victim Host Information
T1608 - Stage Capabilities