Leviathan
Leviathan, MUDCARP, Kryptonite Panda, Gadolinium, BRONZE MOHAWK, TEMP.Jumper, APT40, TEMP.Periscope, Gingham Typhoon
[Leviathan](https://attack.mitre.org/groups/G0065) is a Chinese state-sponsored cyber espionage group that has been attributed to the Ministry of State Security's (MSS) Hainan State Security Department and an affiliated front company.(Citation: CISA AA21-200A APT40 July 2021) Active since at least 2009, [Leviathan](https://attack.mitre.org/groups/G0065) has targeted the following sectors: academia, aerospace/aviation, biomedical, defense industrial base, government, healthcare, manufacturing, maritime, and transportation across the US, Canada, Australia, Europe, the Middle East, and Southeast ...
Techniques: 50
Covered: 43
Gaps: 7
Coverage: 86% (43/50)
GAPS (7)
COVERED (43)
| Technique | Name | Detections |
|---|---|---|
| T1003 | OS Credential Dumping | 106 |
| T1003.001 | LSASS Memory | 105 |
| T1021.001 | Remote Desktop Protocol | 51 |
| T1021.004 | SSH | 31 |
| T1027.001 | Binary Padding | 3 |
| T1027.003 | Steganography | 5 |
| T1027.013 | Encrypted/Encoded File | 7 |
| T1027.015 | Compression | 2 |
| T1041 | Exfiltration Over C2 Channel | 30 |
| T1047 | Windows Management Instrumentation | 85 |
| T1055.001 | Dynamic-link Library Injection | 11 |
| T1059.001 | PowerShell | 338 |
| T1059.005 | Visual Basic | 66 |
| T1074.001 | Local Data Staging | 10 |
| T1074.002 | Remote Data Staging | 3 |
| T1078 | Valid Accounts | 252 |
| T1090.003 | Multi-hop Proxy | 8 |
| T1102.003 | One-Way Communication | 4 |
| T1105 | Ingress Tool Transfer | 170 |
| T1133 | External Remote Services | 72 |
| T1140 | Deobfuscate/Decode Files or Information | 55 |
| T1189 | Drive-by Compromise | 10 |
| T1190 | Exploit Public-Facing Application | 208 |
| T1197 | BITS Jobs | 23 |
| T1203 | Exploitation for Client Execution | 71 |
| T1204.001 | Malicious Link | 9 |
| T1204.002 | Malicious File | 397 |
| T1218.010 | Regsvr32 | 41 |
| T1505.003 | Web Shell | 57 |
| T1534 | Internal Spearphishing | 181 |
| T1546.003 | Windows Management Instrumentation Event Subscription | 17 |
| T1547.001 | Registry Run Keys / Startup Folder | 50 |
| T1547.009 | Shortcut Modification | 6 |
| T1553.002 | Code Signing | 3 |
| T1559.002 | Dynamic Data Exchange | 1 |
| T1560 | Archive Collected Data | 11 |
| T1566.001 | Spearphishing Attachment | 850 |
| T1566.002 | Spearphishing Link | 837 |
| T1567.002 | Exfiltration to Cloud Storage | 27 |
| T1572 | Protocol Tunneling | 51 |
| T1583.001 | Domains | 61 |
| T1589.001 | Credentials | 2 |
| T1595.002 | Vulnerability Scanning | 12 |