← Back to Actors
BRONZE BUTLER
BRONZE BUTLERREDBALDKNIGHTTick
[BRONZE BUTLER](https://attack.mitre.org/groups/G0060) is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in government, biotechnology, electronics manufacturing, and industrial chemistry.(Citation: Trend Micro Daserf Nov 2017)(Citation: Secureworks BRONZE BUTLER Oct 2017)(Citation: Trend Micro Tick November 2019)
41
Techniques
40
Covered
1
Gaps
98%
Coverage
Coverage40/41
GAPS (1)
COVERED (40)
T1003.001LSASS Memory111 det.T1005Data from Local System47 det.T1007System Service Discovery15 det.T1018Remote System Discovery51 det.T1027.001Binary Padding3 det.T1027.003Steganography5 det.T1036Masquerading572 det.T1036.002Right-to-Left Override6 det.T1036.005Match Legitimate Resource Name or Location45 det.T1039Data from Network Shared Drive6 det.T1053.002At17 det.T1053.005Scheduled Task100 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1059.005Visual Basic69 det.T1059.006Python51 det.T1070.004File Deletion43 det.T1071.001Web Protocols81 det.T1080Taint Shared Content2 det.T1083File and Directory Discovery48 det.T1087.002Domain Account57 det.T1102.001Dead Drop Resolver8 det.T1105Ingress Tool Transfer184 det.T1113Screen Capture18 det.T1124System Time Discovery4 det.T1132.001Standard Encoding5 det.T1140Deobfuscate/Decode Files or Information58 det.T1189Drive-by Compromise10 det.T1203Exploitation for Client Execution79 det.T1204.002Malicious File441 det.T1518Software Discovery17 det.T1547.001Registry Run Keys / Startup Folder53 det.T1548.002Bypass User Account Control84 det.T1550.003Pass the Ticket14 det.T1560.001Archive via Utility26 det.T1562.001Disable or Modify Tools316 det.T1566.001Spearphishing Attachment979 det.T1574.001DLL111 det.T1588.002Tool13 det.T1685Disable or Modify Tools279 det.