Confucius

ConfuciusConfucius APT

[Confucius](https://attack.mitre.org/groups/G0142) is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers have noted similarities between [Confucius](https://attack.mitre.org/groups/G0142) and [Patchwork](https://attack.mitre.org/groups/G0040), particularly in their respective custom malware code and targets.(Citation: TrendMicro Confucius APT Feb 2018)(Citation: TrendMicro Confucius APT Aug 2021)(Citation: Uptycs Confucius APT Jan 2021)

Techniques

Covered

Gaps

95%

Coverage

Coverage18/19

GAPS (1)

T1680Local Storage Discovery

COVERED (18)

T1041Exfiltration Over C2 Channel30 det.T1053.005Scheduled Task82 det.T1059.001PowerShell338 det.T1059.005Visual Basic66 det.T1071.001Web Protocols74 det.T1083File and Directory Discovery48 det.T1105Ingress Tool Transfer170 det.T1119Automated Collection11 det.T1203Exploitation for Client Execution71 det.T1204.001Malicious Link9 det.T1204.002Malicious File397 det.T1218.005Mshta46 det.T1221Template Injection1 det.T1547.001Registry Run Keys / Startup Folder50 det.T1566.001Spearphishing Attachment850 det.T1566.002Spearphishing Link837 det.T1567.002Exfiltration to Cloud Storage27 det.T1583.006Web Services1 det.