menuPass
menuPass, Cicada, POTASSIUM, Stone Panda, APT10, Red Apollo, CVNX, HOGFISH, BRONZE RIVERSIDE
[menuPass](https://attack.mitre.org/groups/G0045) is a threat group that has been active since at least 2006. Individual members of [menuPass](https://attack.mitre.org/groups/G0045) are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and worked for the Huaying Haitai Science and Technology Development Company.(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018) [menuPass](https://attack.mitre.org/groups/G0045) has targeted healthcare, defense, aerospace, finance, maritime, biotechnolo...
- Techniques: 46
- Covered: 45
- Gaps: 1
- Coverage: 98% (45/46)
GAPS (1)
COVERED (45)
- T1003.002 Security Account Manager (49 det.)
- T1003.003 NTDS (36 det.)
- T1003.004 LSA Secrets (18 det.)
- T1005 Data from Local System (47 det.)
- T1016 System Network Configuration Discovery (39 det.)
- T1018 Remote System Discovery (50 det.)
- T1021.001 Remote Desktop Protocol (53 det.)
- T1021.004 SSH (34 det.)
- T1027.013 Encrypted/Encoded File (8 det.)
- T1036 Masquerading (525 det.)
- T1036.003 Rename Legitimate Utilities (47 det.)
- T1036.005 Match Legitimate Resource Name or Location (44 det.)
- T1039 Data from Network Shared Drive (6 det.)
- T1046 Network Service Discovery (51 det.)
- T1047 Windows Management Instrumentation (87 det.)
- T1049 System Network Connections Discovery (22 det.)
- T1053.005 Scheduled Task (99 det.)
- T1055.012 Process Hollowing (9 det.)
- T1056.001 Keylogging (4 det.)
- T1059.001 PowerShell (368 det.)
- T1059.003 Windows Command Shell (82 det.)
- T1070.003 Clear Command History (15 det.)
- T1070.004 File Deletion (42 det.)
- T1074.001 Local Data Staging (10 det.)
- T1074.002 Remote Data Staging (3 det.)
- T1078 Valid Accounts (280 det.)
- T1083 File and Directory Discovery (48 det.)
- T1087.002 Domain Account (57 det.)
- T1090.002 External Proxy (6 det.)
- T1105 Ingress Tool Transfer (183 det.)
- T1106 Native API (29 det.)
- T1119 Automated Collection (12 det.)
- T1140 Deobfuscate/Decode Files or Information (58 det.)
- T1190 Exploit Public-Facing Application (216 det.)
- T1199 Trusted Relationship (6 det.)
- T1204.002 Malicious File (425 det.)
- T1210 Exploitation of Remote Services (35 det.)
- T1218.004 InstallUtil (15 det.)
- T1553.002 Code Signing (3 det.)
- T1560 Archive Collected Data (12 det.)
- T1560.001 Archive via Utility (26 det.)
- T1566.001 Spearphishing Attachment (905 det.)
- T1574.001 DLL (109 det.)
- T1583.001 Domains (61 det.)
- T1588.002 Tool (13 det.)