Chimera

[Chimera](https://attack.mitre.org/groups/G0114) is a suspected China-based threat group that has been active since at least 2018 targeting the semiconductor industry in Taiwan as well as data from the airline industry.(Citation: Cycraft Chimera April 2020)(Citation: NCC Group Chimera January 2021)

- Techniques: 59
- Covered: 57
- Gaps: 2
- Coverage: 97% (57/59)

COVERED (57)

- T1003.003 NTDS (34 det.)
- T1007 System Service Discovery (11 det.)
- T1012 Query Registry (22 det.)
- T1016 System Network Configuration Discovery (35 det.)
- T1018 Remote System Discovery (46 det.)
- T1021.001 Remote Desktop Protocol (51 det.)
- T1021.002 SMB/Windows Admin Shares (67 det.)
- T1021.006 Windows Remote Management (22 det.)
- T1027.010 Command Obfuscation (31 det.)
- T1033 System Owner/User Discovery (59 det.)
- T1036.005 Match Legitimate Resource Name or Location (44 det.)
- T1039 Data from Network Shared Drive (6 det.)
- T1041 Exfiltration Over C2 Channel (30 det.)
- T1046 Network Service Discovery (49 det.)
- T1047 Windows Management Instrumentation (85 det.)
- T1049 System Network Connections Discovery (21 det.)
- T1053.005 Scheduled Task (82 det.)
- T1057 Process Discovery (18 det.)
- T1059.001 PowerShell (338 det.)
- T1059.003 Windows Command Shell (79 det.)
- T1069.001 Local Groups (35 det.)
- T1070.001 Clear Windows Event Logs (15 det.)
- T1070.004 File Deletion (40 det.)
- T1070.006 Timestomp (9 det.)
- T1071.001 Web Protocols (74 det.)
- T1071.004 DNS (31 det.)
- T1074.001 Local Data Staging (10 det.)
- T1074.002 Remote Data Staging (3 det.)
- T1078 Valid Accounts (252 det.)
- T1078.002 Domain Accounts (26 det.)
- T1083 File and Directory Discovery (48 det.)
- T1087.001 Local Account (32 det.)
- T1087.002 Domain Account (55 det.)
- T1105 Ingress Tool Transfer (170 det.)
- T1106 Native API (27 det.)
- T1110.003 Password Spraying (65 det.)
- T1110.004 Credential Stuffing (21 det.)
- T1111 Multi-Factor Authentication Interception (1 det.)
- T1114.001 Local Email Collection (11 det.)
- T1114.002 Remote Email Collection (18 det.)
- T1119 Automated Collection (11 det.)
- T1124 System Time Discovery (4 det.)
- T1133 External Remote Services (72 det.)
- T1135 Network Share Discovery (16 det.)
- T1201 Password Policy Discovery (17 det.)
- T1213.002 Sharepoint (4 det.)
- T1217 Browser Information Discovery (4 det.)
- T1482 Domain Trust Discovery (38 det.)
- T1550.002 Pass the Hash (9 det.)
- T1560.001 Archive via Utility (24 det.)
- T1567.002 Exfiltration to Cloud Storage (27 det.)
- T1569.002 Service Execution (63 det.)
- T1570 Lateral Tool Transfer (20 det.)
- T1572 Protocol Tunneling (51 det.)
- T1574.001 DLL (106 det.)
- T1588.002 Tool (13 det.)
- T1589.001 Credentials (2 det.)