APT5
APT5, Mulberry Typhoon, MANGANESE, BRONZE FLEETWOOD, Keyhole Panda, UNC2630
[APT5](https://attack.mitre.org/groups/G1023) is a China-based espionage actor that has been active since at least 2007, primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia. [APT5](https://attack.mitre.org/groups/G1023) has displayed advanced tradecraft and significant interest in compromising networking devices and their underlying software, including through the use of zero-day exploits.(Citation: NSA APT5 Citrix Threat Hunting December 2022)(Citation: Microsoft East Asia Threats September 2023)(Citation: Mandiant Pulse Secure Zer...
- Techniques: 29
- Covered: 28
- Gaps: 1
- Coverage: 97% (28/29)
GAPS (1)
COVERED (28)
| Technique | Name | Detections |
|---|---|---|
| T1003.001 | LSASS Memory | 105 det. |
| T1003.002 | Security Account Manager | 45 det. |
| T1021.001 | Remote Desktop Protocol | 51 det. |
| T1021.004 | SSH | 31 det. |
| T1036.005 | Match Legitimate Resource Name or Location | 44 det. |
| T1049 | System Network Connections Discovery | 21 det. |
| T1053.003 | Cron | 28 det. |
| T1055 | Process Injection | 76 det. |
| T1056.001 | Keylogging | 4 det. |
| T1057 | Process Discovery | 18 det. |
| T1059.001 | PowerShell | 338 det. |
| T1059.003 | Windows Command Shell | 79 det. |
| T1070 | Indicator Removal | 56 det. |
| T1070.003 | Clear Command History | 14 det. |
| T1070.004 | File Deletion | 40 det. |
| T1070.006 | Timestomp | 9 det. |
| T1074.001 | Local Data Staging | 10 det. |
| T1078.002 | Domain Accounts | 26 det. |
| T1078.004 | Cloud Accounts | 149 det. |
| T1083 | File and Directory Discovery | 48 det. |
| T1098.007 | Additional Local or Domain Groups | 9 det. |
| T1136.001 | Local Account | 42 det. |
| T1190 | Exploit Public-Facing Application | 208 det. |
| T1505.003 | Web Shell | 57 det. |
| T1554 | Compromise Host Software Binary | 18 det. |
| T1560.001 | Archive via Utility | 24 det. |
| T1562.006 | Indicator Blocking | 16 det. |
| T1654 | Log Enumeration | 1 det. |