ZIRCONIUM
ZIRCONIUM, APT31, Violet Typhoon
[ZIRCONIUM](https://attack.mitre.org/groups/G0128) is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders in the international affairs community.(Citation: Microsoft Targeting Elections September 2020)(Citation: Check Point APT31 February 2021)
- Techniques: 29
- Covered: 26
- Gaps: 3
- Coverage: 90% (26/29)
COVERED (26)
- T1012 Query Registry: 24 det.
- T1016 System Network Configuration Discovery: 39 det.
- T1027.002 Software Packing: 1 det.
- T1033 System Owner/User Discovery: 61 det.
- T1036 Masquerading: 525 det.
- T1036.004 Masquerade Task or Service: 7 det.
- T1041 Exfiltration Over C2 Channel: 31 det.
- T1059.003 Windows Command Shell: 82 det.
- T1059.006 Python: 49 det.
- T1068 Exploitation for Privilege Escalation: 99 det.
- T1082 System Information Discovery: 86 det.
- T1090.003 Multi-hop Proxy: 9 det.
- T1102.002 Bidirectional Communication: 15 det.
- T1105 Ingress Tool Transfer: 183 det.
- T1124 System Time Discovery: 4 det.
- T1140 Deobfuscate/Decode Files or Information: 58 det.
- T1204.001 Malicious Link: 10 det.
- T1218.007 Msiexec: 33 det.
- T1547.001 Registry Run Keys / Startup Folder: 53 det.
- T1555.003 Credentials from Web Browsers: 16 det.
- T1566.002 Spearphishing Link: 904 det.
- T1567.002 Exfiltration to Cloud Storage: 29 det.
- T1583.001 Domains: 61 det.
- T1583.006 Web Services: 1 det.
- T1598 Phishing for Information: 902 det.
- T1598.003 Spearphishing Link: 285 det.