Chimera

OriginChina

Techniques (MITRE ATT&CK)59

SourceMITRE ATT&CK

Vexday analysis

Chimera é um grupo de ameaça persistente avançada (APT) com origem atribuída à China, ativo pelo menos desde 2018, com atuação documentada contra a indústria de semicondutores em Taiwan e dados do setor de aviação. Identificado no MITRE ATT&CK como G0114, o grupo possui 59 técnicas documentadas nessa base de conhecimento.

Techniques (MITRE ATT&CK) 59

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Reconnaissance

Credentials

Resource development

Tool

Execution

Windows Management Instrumentation Scheduled Task PowerShell Windows Command Shell Native API Service Execution

Persistence

External Remote Services

Credential access

NTDS Password Spraying Credential Stuffing Multi-Factor Authentication Interception

Discovery

System Service Discovery Query Registry System Network Configuration Discovery Remote System Discovery System Owner/User Discovery Network Service Discovery System Network Connections Discovery Process Discovery Local Groups File and Directory Discovery Local Account Domain Account System Time Discovery Network Share Discovery Password Policy Discovery Browser Information Discovery Domain Trust Discovery Local Storage Discovery

Lateral movement

Remote Desktop Protocol SMB/Windows Admin Shares Windows Remote Management Pass the Hash Lateral Tool Transfer

Collection

Data from Network Shared Drive Local Data Staging Remote Data Staging Local Email Collection Remote Email Collection Automated Collection Sharepoint Archive via Utility

Command and control

Web Protocols DNS Ingress Tool Transfer Protocol Tunneling

Exfiltration

Exfiltration Over C2 Channel Exfiltration to Cloud Storage

defense-impairment

Domain Controller Authentication Clear Windows Event Logs

stealth

Command Obfuscation Match Legitimate Resource Name or Location File Deletion Timestomp Valid Accounts Domain Accounts DLL

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

Chimera uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →