APT42
[APT42](https://attack.mitre.org/groups/G1044) is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.(Citation: Mandiant APT42-charms) The group primarily focuses on targets in the Middle East region, but has targeted a variety of industries and countries since at least 2015.(Citation: Mandiant APT42-charms) [APT42](https://attack.mitre.org/groups/G1044) starts cyber operations through spearphishing emails and/or the PINEFLOWER Android malware, then monitors and collects information from the compromised systems and devices.(Citation: Mandiant APT42-charms) Finally...
Techniques: 31
Covered: 29
Gaps: 2
Coverage: 94% (29/31)
COVERED (29)
- T1016 System Network Configuration Discovery: 35 det.
- T1036.005 Match Legitimate Resource Name or Location: 44 det.
- T1047 Windows Management Instrumentation: 85 det.
- T1053.005 Scheduled Task: 82 det.
- T1056 Input Capture: 7 det.
- T1056.001 Keylogging: 4 det.
- T1059.001 PowerShell: 338 det.
- T1059.005 Visual Basic: 66 det.
- T1070 Indicator Removal: 56 det.
- T1070.008 Clear Mailbox Data: 8 det.
- T1071.001 Web Protocols: 74 det.
- T1082 System Information Discovery: 80 det.
- T1087.001 Local Account: 32 det.
- T1102 Web Service: 33 det.
- T1111 Multi-Factor Authentication Interception: 1 det.
- T1112 Modify Registry: 197 det.
- T1113 Screen Capture: 17 det.
- T1132.001 Standard Encoding: 5 det.
- T1518.001 Security Software Discovery: 8 det.
- T1530 Data from Cloud Storage: 30 det.
- T1539 Steal Web Session Cookie: 12 det.
- T1547 Boot or Logon Autostart Execution: 56 det.
- T1555.003 Credentials from Web Browsers: 15 det.
- T1566.002 Spearphishing Link: 837 det.
- T1573.002 Asymmetric Cryptography: 6 det.
- T1583.001 Domains: 61 det.
- T1588.002 Tool: 13 det.
- T1608.001 Upload Malware: 2 det.
- T1656 Impersonation: 172 det.