Chimera
[Chimera](https://attack.mitre.org/groups/G0114) is a suspected China-based threat group that has been active since at least 2018 targeting the semiconductor industry in Taiwan as well as data from the airline industry.(Citation: Cycraft Chimera April 2020)(Citation: NCC Group Chimera January 2021)
- Techniques: 60
- Covered: 58
- Gaps: 2
- Coverage: 97% (58/60)
COVERED (58)
- T1003.003 NTDS: 36 det.
- T1007 System Service Discovery: 15 det.
- T1012 Query Registry: 24 det.
- T1016 System Network Configuration Discovery: 39 det.
- T1018 Remote System Discovery: 50 det.
- T1021.001 Remote Desktop Protocol: 53 det.
- T1021.002 SMB/Windows Admin Shares: 73 det.
- T1021.006 Windows Remote Management: 22 det.
- T1027.010 Command Obfuscation: 38 det.
- T1033 System Owner/User Discovery: 61 det.
- T1036.005 Match Legitimate Resource Name or Location: 44 det.
- T1039 Data from Network Shared Drive: 6 det.
- T1041 Exfiltration Over C2 Channel: 31 det.
- T1046 Network Service Discovery: 51 det.
- T1047 Windows Management Instrumentation: 87 det.
- T1049 System Network Connections Discovery: 22 det.
- T1053.005 Scheduled Task: 99 det.
- T1057 Process Discovery: 20 det.
- T1059.001 PowerShell: 368 det.
- T1059.003 Windows Command Shell: 82 det.
- T1069.001 Local Groups: 37 det.
- T1070.001 Clear Windows Event Logs: 16 det.
- T1070.004 File Deletion: 42 det.
- T1070.006 Timestomp: 10 det.
- T1071.001 Web Protocols: 80 det.
- T1071.004 DNS: 34 det.
- T1074.001 Local Data Staging: 10 det.
- T1074.002 Remote Data Staging: 3 det.
- T1078 Valid Accounts: 280 det.
- T1078.002 Domain Accounts: 28 det.
- T1083 File and Directory Discovery: 48 det.
- T1087.001 Local Account: 33 det.
- T1087.002 Domain Account: 57 det.
- T1105 Ingress Tool Transfer: 183 det.
- T1106 Native API: 29 det.
- T1110.003 Password Spraying: 66 det.
- T1110.004 Credential Stuffing: 21 det.
- T1111 Multi-Factor Authentication Interception: 1 det.
- T1114.001 Local Email Collection: 11 det.
- T1114.002 Remote Email Collection: 18 det.
- T1119 Automated Collection: 12 det.
- T1124 System Time Discovery: 4 det.
- T1133 External Remote Services: 72 det.
- T1135 Network Share Discovery: 20 det.
- T1201 Password Policy Discovery: 20 det.
- T1213.002 Sharepoint: 4 det.
- T1217 Browser Information Discovery: 4 det.
- T1482 Domain Trust Discovery: 41 det.
- T1550.002 Pass the Hash: 10 det.
- T1560.001 Archive via Utility: 26 det.
- T1567.002 Exfiltration to Cloud Storage: 29 det.
- T1569.002 Service Execution: 64 det.
- T1570 Lateral Tool Transfer: 22 det.
- T1572 Protocol Tunneling: 56 det.
- T1574.001 DLL: 109 det.
- T1588.002 Tool: 13 det.
- T1589.001 Credentials: 2 det.
- T1685.005 Clear Windows Event Logs: 11 det.