APT42
[APT42](https://attack.mitre.org/groups/G1044) is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.(Citation: Mandiant APT42-charms) The group primarily focuses on targets in the Middle East region, but has targeted a variety of industries and countries since at least 2015.(Citation: Mandiant APT42-charms) [APT42](https://attack.mitre.org/groups/G1044) starts cyber operations through spearphishing emails and/or the PINEFLOWER Android malware, then monitors and collects information from the compromised systems and devices.(Citation: Mandiant APT42-charms) Finally...
- Techniques: 33
- Covered: 29
- Gaps: 4
- Coverage: 88% (29/33)
COVERED (29)
| Technique | Name | Detections |
|---|---|---|
| T1016 | System Network Configuration Discovery | 39 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1047 | Windows Management Instrumentation | 87 |
| T1053.005 | Scheduled Task | 99 |
| T1056 | Input Capture | 7 |
| T1056.001 | Keylogging | 4 |
| T1059.001 | PowerShell | 368 |
| T1059.005 | Visual Basic | 68 |
| T1070 | Indicator Removal | 62 |
| T1070.008 | Clear Mailbox Data | 10 |
| T1071.001 | Web Protocols | 80 |
| T1082 | System Information Discovery | 86 |
| T1087.001 | Local Account | 33 |
| T1102 | Web Service | 34 |
| T1111 | Multi-Factor Authentication Interception | 1 |
| T1112 | Modify Registry | 203 |
| T1113 | Screen Capture | 18 |
| T1132.001 | Standard Encoding | 5 |
| T1518.001 | Security Software Discovery | 10 |
| T1530 | Data from Cloud Storage | 32 |
| T1539 | Steal Web Session Cookie | 15 |
| T1547 | Boot or Logon Autostart Execution | 56 |
| T1555.003 | Credentials from Web Browsers | 16 |
| T1566.002 | Spearphishing Link | 904 |
| T1573.002 | Asymmetric Cryptography | 6 |
| T1583.001 | Domains | 61 |
| T1588.002 | Tool | 13 |
| T1608.001 | Upload Malware | 3 |
| T1656 | Impersonation | 184 |