← Back to Actors
APT5
APT5Mulberry TyphoonMANGANESEBRONZE FLEETWOODKeyhole PandaUNC2630
[APT5](https://attack.mitre.org/groups/G1023) is a China-based espionage actor that has been active since at least 2007 primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia. [APT5](https://attack.mitre.org/groups/G1023) has displayed advanced tradecraft and significant interest in compromising networking devices and their underlying software including through the use of zero-day exploits.(Citation: NSA APT5 Citrix Threat Hunting December 2022)(Citation: Microsoft East Asia Threats September 2023)(Citation: Mandiant Pulse Secure Zer...
30
Techniques
29
Covered
1
Gaps
97%
Coverage
Coverage29/30
GAPS (1)
COVERED (29)
T1003.001LSASS Memory111 det.T1003.002Security Account Manager49 det.T1021.001Remote Desktop Protocol53 det.T1021.004SSH35 det.T1036.005Match Legitimate Resource Name or Location45 det.T1049System Network Connections Discovery22 det.T1053.003Cron29 det.T1055Process Injection81 det.T1056.001Keylogging4 det.T1057Process Discovery21 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1070Indicator Removal62 det.T1070.003Clear Command History15 det.T1070.004File Deletion43 det.T1070.006Timestomp10 det.T1074.001Local Data Staging10 det.T1078.002Domain Accounts28 det.T1078.004Cloud Accounts183 det.T1083File and Directory Discovery48 det.T1098.007Additional Local or Domain Groups10 det.T1136.001Local Account43 det.T1190Exploit Public-Facing Application227 det.T1505.003Web Shell65 det.T1554Compromise Host Software Binary19 det.T1560.001Archive via Utility26 det.T1562.006Indicator Blocking16 det.T1654Log Enumeration1 det.T1685Disable or Modify Tools279 det.