APT5

OriginChina

Techniques (MITRE ATT&CK)29

SourceMITRE ATT&CK

Also known as:Mulberry TyphoonMANGANESEBRONZE FLEETWOODKeyhole PandaUNC2630

Vexday analysis

APT5 é um grupo de espionagem de origem chinesa ativo pelo menos desde 2007, com foco histórico nos setores de telecomunicações, aeroespacial e defesa nos Estados Unidos, Europa e Ásia. Rastreado pelo MITRE ATT&CK sob o identificador G1023 e também conhecido como Mulberry Typhoon, MANGANESE, BRONZE FLEETWOOD, Keyhole Panda e UNC2630, o grupo demonstra capacidade técnica avançada e interesse persistente em comprometer dispositivos de rede e seus sistemas subjacentes, incluindo por meio do uso de exploits zero-day. Tem 29 técnicas documentadas na base ATT&CK e 2 CVEs atribuídas.

Techniques (MITRE ATT&CK) 29

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Botnet

Initial access

Exploit Public-Facing Application

Execution

Cron PowerShell Windows Command Shell

Persistence

Additional Local or Domain Groups Local Account Web Shell Compromise Host Software Binary

Credential access

LSASS Memory Security Account Manager

Discovery

System Network Connections Discovery Process Discovery File and Directory Discovery Log Enumeration

Lateral movement

Remote Desktop Protocol SSH

Collection

Keylogging Local Data Staging Archive via Utility

defense-impairment

Disable or Modify Tools

stealth

Match Legitimate Resource Name or Location Process Injection Indicator Removal Clear Command History File Deletion Timestomp Domain Accounts Cloud Accounts

Exploited vulnerabilities 2

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2014-7169CRITICALEPSS 100%KEV CVE-2016-6662EPSS 68%

APT5 uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →