APT5
APT5, Mulberry Typhoon, MANGANESE, BRONZE FLEETWOOD, Keyhole Panda, UNC2630
[APT5](https://attack.mitre.org/groups/G1023) is a China-based espionage actor that has been active since at least 2007, primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia. [APT5](https://attack.mitre.org/groups/G1023) has displayed advanced tradecraft and significant interest in compromising networking devices and their underlying software, including through the use of zero-day exploits. (Citation: NSA APT5 Citrix Threat Hunting December 2022) (Citation: Microsoft East Asia Threats September 2023) (Citation: Mandiant Pulse Secure Zer...
Techniques: 30
Covered: 29
Gaps: 1
Coverage: 97% (29/30)
GAPS (1)
COVERED (29)
T1003.001 LSASS Memory, 111 det.
T1003.002 Security Account Manager, 49 det.
T1021.001 Remote Desktop Protocol, 53 det.
T1021.004 SSH, 34 det.
T1036.005 Match Legitimate Resource Name or Location, 44 det.
T1049 System Network Connections Discovery, 22 det.
T1053.003 Cron, 28 det.
T1055 Process Injection, 79 det.
T1056.001 Keylogging, 4 det.
T1057 Process Discovery, 20 det.
T1059.001 PowerShell, 368 det.
T1059.003 Windows Command Shell, 82 det.
T1070 Indicator Removal, 62 det.
T1070.003 Clear Command History, 15 det.
T1070.004 File Deletion, 42 det.
T1070.006 Timestomp, 10 det.
T1074.001 Local Data Staging, 10 det.
T1078.002 Domain Accounts, 28 det.
T1078.004 Cloud Accounts, 167 det.
T1083 File and Directory Discovery, 48 det.
T1098.007 Additional Local or Domain Groups, 10 det.
T1136.001 Local Account, 43 det.
T1190 Exploit Public-Facing Application, 216 det.
T1505.003 Web Shell, 63 det.
T1554 Compromise Host Software Binary, 18 det.
T1560.001 Archive via Utility, 26 det.
T1562.006 Indicator Blocking, 16 det.
T1654 Log Enumeration, 1 det.
T1685 Disable or Modify Tools, 278 det.