← Back to Actors
Leviathan
LeviathanMUDCARPKryptonite PandaGadoliniumBRONZE MOHAWKTEMP.JumperAPT40TEMP.PeriscopeGingham Typhoon
[Leviathan](https://attack.mitre.org/groups/G0065) is a Chinese state-sponsored cyber espionage group that has been attributed to the Ministry of State Security's (MSS) Hainan State Security Department and an affiliated front company.(Citation: CISA AA21-200A APT40 July 2021) Active since at least 2009, [Leviathan](https://attack.mitre.org/groups/G0065) has targeted the following sectors: academia, aerospace/aviation, biomedical, defense industrial base, government, healthcare, manufacturing, maritime, and transportation across the US, Canada, Australia, Europe, the Middle East, and Southeast ...
50
Techniques
43
Covered
7
Gaps
86%
Coverage
Coverage43/50
GAPS (7)
COVERED (43)
T1003OS Credential Dumping113 det.T1003.001LSASS Memory111 det.T1021.001Remote Desktop Protocol53 det.T1021.004SSH35 det.T1027.001Binary Padding3 det.T1027.003Steganography5 det.T1027.013Encrypted/Encoded File8 det.T1027.015Compression2 det.T1041Exfiltration Over C2 Channel32 det.T1047Windows Management Instrumentation88 det.T1055.001Dynamic-link Library Injection13 det.T1059.001PowerShell372 det.T1059.005Visual Basic69 det.T1074.001Local Data Staging10 det.T1074.002Remote Data Staging3 det.T1078Valid Accounts297 det.T1090.003Multi-hop Proxy9 det.T1102.003One-Way Communication4 det.T1105Ingress Tool Transfer184 det.T1133External Remote Services74 det.T1140Deobfuscate/Decode Files or Information58 det.T1189Drive-by Compromise10 det.T1190Exploit Public-Facing Application227 det.T1197BITS Jobs25 det.T1203Exploitation for Client Execution79 det.T1204.001Malicious Link11 det.T1204.002Malicious File441 det.T1218.010Regsvr3243 det.T1505.003Web Shell65 det.T1534Internal Spearphishing234 det.T1546.003Windows Management Instrumentation Event Subscription18 det.T1547.001Registry Run Keys / Startup Folder53 det.T1547.009Shortcut Modification6 det.T1553.002Code Signing4 det.T1559.002Dynamic Data Exchange1 det.T1560Archive Collected Data12 det.T1566.001Spearphishing Attachment979 det.T1566.002Spearphishing Link1005 det.T1567.002Exfiltration to Cloud Storage31 det.T1572Protocol Tunneling59 det.T1583.001Domains62 det.T1589.001Credentials2 det.T1595.002Vulnerability Scanning13 det.