Confucius

Techniques (MITRE ATT&CK)19

SourceMITRE ATT&CK

Also known as:Confucius APT

Vexday analysis

Confucius é um grupo de espionagem cibernética que atua pelo menos desde 2013, com foco principal em militares, personalidades de alto perfil, empresários e organizações governamentais no Sul da Ásia. Pesquisadores de segurança identificaram semelhanças entre Confucius e o grupo Patchwork, especialmente no código de malware customizado e nos alvos escolhidos por ambos. Catalogado no MITRE ATT&CK como G0142, o grupo possui 19 técnicas documentadas na estrutura e 3 CVEs atribuídas.

Techniques (MITRE ATT&CK) 19

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Web Services

Initial access

Spearphishing Attachment Spearphishing Link

Execution

Scheduled Task PowerShell Visual Basic Exploitation for Client Execution Malicious Link Malicious File

Persistence

Registry Run Keys / Startup Folder

Discovery

File and Directory Discovery Local Storage Discovery

Collection

Automated Collection

Command and control

Web Protocols Ingress Tool Transfer

Exfiltration

Exfiltration Over C2 Channel Exfiltration to Cloud Storage

stealth

Mshta Template Injection

Exploited vulnerabilities 3

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2017-11882HIGHEPSS 100%KEV CVE-2015-1641HIGHEPSS 97%KEV CVE-2018-0802HIGHEPSS 93%KEV

Confucius uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →