ZIRCONIUM
ZIRCONIUM, APT31, Violet Typhoon
[ZIRCONIUM](https://attack.mitre.org/groups/G0128) is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders in the international affairs community.(Citation: Microsoft Targeting Elections September 2020)(Citation: Check Point APT31 February 2021)
Techniques: 29
Covered: 26
Gaps: 3
Coverage: 90% (26/29)
COVERED (26)
| ID | Technique | Detections |
|---|---|---|
| T1012 | Query Registry | 22 |
| T1016 | System Network Configuration Discovery | 35 |
| T1027.002 | Software Packing | 1 |
| T1033 | System Owner/User Discovery | 59 |
| T1036 | Masquerading | 493 |
| T1036.004 | Masquerade Task or Service | 7 |
| T1041 | Exfiltration Over C2 Channel | 30 |
| T1059.003 | Windows Command Shell | 79 |
| T1059.006 | Python | 43 |
| T1068 | Exploitation for Privilege Escalation | 91 |
| T1082 | System Information Discovery | 80 |
| T1090.003 | Multi-hop Proxy | 8 |
| T1102.002 | Bidirectional Communication | 14 |
| T1105 | Ingress Tool Transfer | 170 |
| T1124 | System Time Discovery | 4 |
| T1140 | Deobfuscate/Decode Files or Information | 55 |
| T1204.001 | Malicious Link | 9 |
| T1218.007 | Msiexec | 30 |
| T1547.001 | Registry Run Keys / Startup Folder | 50 |
| T1555.003 | Credentials from Web Browsers | 15 |
| T1566.002 | Spearphishing Link | 837 |
| T1567.002 | Exfiltration to Cloud Storage | 27 |
| T1583.001 | Domains | 61 |
| T1583.006 | Web Services | 1 |
| T1598 | Phishing for Information | 843 |
| T1598.003 | Spearphishing Link | 271 |