menuPass

Aliases: menuPass, Cicada, POTASSIUM, Stone Panda, APT10, Red Apollo, CVNX, HOGFISH, BRONZE RIVERSIDE

[menuPass](https://attack.mitre.org/groups/G0045) is a threat group that has been active since at least 2006. Individual members of [menuPass](https://attack.mitre.org/groups/G0045) are known to have acted in association with the Chinese Ministry of State Security's (MSS) Tianjin State Security Bureau and worked for the Huaying Haitai Science and Technology Development Company.(Citation: DOJ APT10 Dec 2018)(Citation: District Court of NY APT10 Indictment December 2018) [menuPass](https://attack.mitre.org/groups/G0045) has targeted healthcare, defense, aerospace, finance, maritime, biotechnolo...

Techniques: 46
Covered: 45
Gaps: 1
Coverage: 98% (45/46)

COVERED (45)

| Technique | Name | Detections |
|---|---|---|
| T1003.002 | Security Account Manager | 45 |
| T1003.003 | NTDS | 34 |
| T1003.004 | LSA Secrets | 16 |
| T1005 | Data from Local System | 46 |
| T1016 | System Network Configuration Discovery | 35 |
| T1018 | Remote System Discovery | 46 |
| T1021.001 | Remote Desktop Protocol | 51 |
| T1021.004 | SSH | 31 |
| T1027.013 | Encrypted/Encoded File | 7 |
| T1036 | Masquerading | 493 |
| T1036.003 | Rename Legitimate Utilities | 47 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1039 | Data from Network Shared Drive | 6 |
| T1046 | Network Service Discovery | 49 |
| T1047 | Windows Management Instrumentation | 85 |
| T1049 | System Network Connections Discovery | 21 |
| T1053.005 | Scheduled Task | 82 |
| T1055.012 | Process Hollowing | 8 |
| T1056.001 | Keylogging | 4 |
| T1059.001 | PowerShell | 338 |
| T1059.003 | Windows Command Shell | 79 |
| T1070.003 | Clear Command History | 14 |
| T1070.004 | File Deletion | 40 |
| T1074.001 | Local Data Staging | 10 |
| T1074.002 | Remote Data Staging | 3 |
| T1078 | Valid Accounts | 252 |
| T1083 | File and Directory Discovery | 48 |
| T1087.002 | Domain Account | 55 |
| T1090.002 | External Proxy | 6 |
| T1105 | Ingress Tool Transfer | 170 |
| T1106 | Native API | 27 |
| T1119 | Automated Collection | 11 |
| T1140 | Deobfuscate/Decode Files or Information | 55 |
| T1190 | Exploit Public-Facing Application | 208 |
| T1199 | Trusted Relationship | 6 |
| T1204.002 | Malicious File | 397 |
| T1210 | Exploitation of Remote Services | 33 |
| T1218.004 | InstallUtil | 15 |
| T1553.002 | Code Signing | 3 |
| T1560 | Archive Collected Data | 11 |
| T1560.001 | Archive via Utility | 24 |
| T1566.001 | Spearphishing Attachment | 850 |
| T1574.001 | DLL | 106 |
| T1583.001 | Domains | 61 |
| T1588.002 | Tool | 13 |