← Back to Actors
Chimera
Chimera
[Chimera](https://attack.mitre.org/groups/G0114) is a suspected China-based threat group that has been active since at least 2018 targeting the semiconductor industry in Taiwan as well as data from the airline industry.(Citation: Cycraft Chimera April 2020)(Citation: NCC Group Chimera January 2021)
60
Techniques
58
Covered
2
Gaps
97%
Coverage
Coverage58/60
COVERED (58)
T1003.003NTDS36 det.T1007System Service Discovery15 det.T1012Query Registry25 det.T1016System Network Configuration Discovery40 det.T1018Remote System Discovery51 det.T1021.001Remote Desktop Protocol53 det.T1021.002SMB/Windows Admin Shares74 det.T1021.006Windows Remote Management22 det.T1027.010Command Obfuscation38 det.T1033System Owner/User Discovery61 det.T1036.005Match Legitimate Resource Name or Location45 det.T1039Data from Network Shared Drive6 det.T1041Exfiltration Over C2 Channel32 det.T1046Network Service Discovery51 det.T1047Windows Management Instrumentation88 det.T1049System Network Connections Discovery22 det.T1053.005Scheduled Task100 det.T1057Process Discovery21 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1069.001Local Groups37 det.T1070.001Clear Windows Event Logs16 det.T1070.004File Deletion43 det.T1070.006Timestomp10 det.T1071.001Web Protocols81 det.T1071.004DNS35 det.T1074.001Local Data Staging10 det.T1074.002Remote Data Staging3 det.T1078Valid Accounts297 det.T1078.002Domain Accounts28 det.T1083File and Directory Discovery48 det.T1087.001Local Account33 det.T1087.002Domain Account57 det.T1105Ingress Tool Transfer184 det.T1106Native API29 det.T1110.003Password Spraying66 det.T1110.004Credential Stuffing21 det.T1111Multi-Factor Authentication Interception1 det.T1114.001Local Email Collection11 det.T1114.002Remote Email Collection18 det.T1119Automated Collection12 det.T1124System Time Discovery4 det.T1133External Remote Services74 det.T1135Network Share Discovery20 det.T1201Password Policy Discovery20 det.T1213.002Sharepoint4 det.T1217Browser Information Discovery4 det.T1482Domain Trust Discovery41 det.T1550.002Pass the Hash10 det.T1560.001Archive via Utility26 det.T1567.002Exfiltration to Cloud Storage31 det.T1569.002Service Execution64 det.T1570Lateral Tool Transfer23 det.T1572Protocol Tunneling59 det.T1574.001DLL111 det.T1588.002Tool13 det.T1589.001Credentials2 det.T1685.005Clear Windows Event Logs12 det.