Cервис управления информационной безопасностью
Cервис управления информационной безопасностью
Поиск
Вход Регистрация
MITRE ATT&CK - Преступная группа APT12
Риски
Каталоги
MITRE ATT&CK
Преступная группа
APT12
Куда я попал?
SECURITM это SGRC система, ? автоматизирующая процессы в службах информационной безопасности. SECURITM помогает построить и управлять ИСПДн, КИИ, ГИС, СМИБ/СУИБ, банковскими системами защиты.
А еще SECURITM это место для обмена опытом и наработками для служб безопасности.
Подробнее
Наш канал

APT12

APT12 is a threat group that has been attributed to China. The group has targeted a variety of victims including but not limited to media outlets, high-tech companies, and multiple governments.(Citation: Meyers Numbered Panda)
ID: G0005
Associated Groups: Numbered Panda, DynCalc, DNSCALC, IXESHE
Version: 2.1
Created: 31 May 2017
Last Modified: 25 Apr 2025

Associated Group Descriptions
Name Description
Numbered Panda (Citation: Meyers Numbered Panda)
DynCalc (Citation: Meyers Numbered Panda) (Citation: Moran 2014)
DNSCALC (Citation: Moran 2014)
IXESHE (Citation: Meyers Numbered Panda) (Citation: Moran 2014)

Techniques Used
Domain ID Name Use
Enterprise T1568 .003 Dynamic Resolution: DNS Calculation

APT12 has used multiple variants of DNS Calculation including multiplying the first two octets of an IP address and adding the third octet to that value in order to get a resulting command and control port.(Citation: Meyers Numbered Panda)
Enterprise T1566 .001 Phishing: Spearphishing Attachment

APT12 has sent emails with malicious Microsoft Office documents and PDFs attached.(Citation: Moran 2014)(Citation: Trend Micro IXESHE 2012)
Enterprise T1204 .002 User Execution: Malicious File

APT12 has attempted to get victims to open malicious Microsoft Word and PDF attachment sent via spearphishing.(Citation: Moran 2014)(Citation: Trend Micro IXESHE 2012)
Enterprise T1102 .002 Web Service: Bidirectional Communication

APT12 has used blogs and WordPress for C2 infrastructure.(Citation: Meyers Numbered Panda)

Software
ID Name References Techniques
S0015 Ixeshe (Citation: Moran 2013) (Citation: Moran 2014) System Owner/User Discovery, Standard Encoding, Match Legitimate Resource Name or Location, System Service Discovery, System Information Discovery, Data from Local System, System Network Configuration Discovery, File and Directory Discovery, Process Discovery, Registry Run Keys / Startup Folder, Windows Command Shell, File Deletion, Web Protocols, Ingress Tool Transfer, Hidden Files and Directories, Commonly Used Port
S0003 RIPTIDE (Citation: Moran 2014) Symmetric Cryptography, Web Protocols, Commonly Used Port
S0040 HTRAN (Citation: HUC Packet Transmit Tool) (Citation: NCSC Joint Report Public Tools) (Citation: Operation Quantum Entanglement) (Citation: Trend Micro IXESHE 2012) Rootkit, Process Injection, Proxy

References

  1. Moran, N., & Villeneuve, N. (2013, August 12). Survival of the Fittest: New York Times Attackers Evolve Quickly [Blog]. Retrieved November 17, 2024.
  2. Moran, N., Oppenheim, M., Engle, S., & Wartell, R.. (2014, September 3). Darwin’s Favorite APT Group [Blog]. Retrieved November 12, 2014.
  3. Meyers, A. (2013, March 29). Whois Numbered Panda. Retrieved January 14, 2016.
  4. Sancho, D., et al. (2012, May 22). IXESHE An APT Campaign. Retrieved June 7, 2019.
Навигация

Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.