Axiom

AxiomGroup 72

[Axiom](https://attack.mitre.org/groups/G0001) is a suspected Chinese cyber espionage group that has targeted the aerospace, defense, government, manufacturing, and media sectors since at least 2008. Some reporting suggests a degree of overlap between [Axiom](https://attack.mitre.org/groups/G0001) and [Winnti Group](https://attack.mitre.org/groups/G0044) but the two groups appear to be distinct based on differences in reporting on TTPs and targeting.(Citation: Kaspersky Winnti April 2013)(Citation: Kaspersky Winnti June 2015)(Citation: Novetta Winnti April 2015)

Techniques

Covered

Gaps

75%

Coverage

Coverage12/16

GAPS (4)

T1001.002Steganography T1583.002DNS Server T1583.003Virtual Private Server T1584.005Botnet

COVERED (12)

T1003OS Credential Dumping113 det.T1005Data from Local System47 det.T1021.001Remote Desktop Protocol53 det.T1078Valid Accounts280 det.T1189Drive-by Compromise10 det.T1190Exploit Public-Facing Application216 det.T1203Exploitation for Client Execution75 det.T1546.008Accessibility Features8 det.T1553Subvert Trust Controls18 det.T1560Archive Collected Data12 det.T1563.002RDP Hijacking5 det.T1566Phishing996 det.