
APT16 - G0023 (d6e88e18-81e8-4709-82d8-973095da1e70)

APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. (Citation: FireEye EPS Awakens Part 2)

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| APT16 - G0023 (d6e88e18-81e8-4709-82d8-973095da1e70) | Intrusion Set | Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) | Attack Pattern | 1 |
| APT16 - G0023 (d6e88e18-81e8-4709-82d8-973095da1e70) | Intrusion Set | Identify business relationships - T1272 (5b6ce031-bb86-407a-9984-2b9700ac4549) | Attack Pattern | 1 |
| APT16 - G0023 (d6e88e18-81e8-4709-82d8-973095da1e70) | Intrusion Set | ELMER - S0064 (3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c) | Malware | 1 |
| APT16 - G0023 (d6e88e18-81e8-4709-82d8-973095da1e70) | Intrusion Set | Compromise 3rd party infrastructure to support delivery - T1334 (e51398e6-53dc-4e9f-a323-e54683d8672b) | Attack Pattern | 1 |
| Compromise Infrastructure - T1584 (7e3beebd-8bfe-4e7b-a892-e44ab06a75f9) | Attack Pattern | Server - T1584.004 (e196b5c5-8118-4a1c-ab8a-936586ce3db5) | Attack Pattern | 2 |
| Identify business relationships - T1283 (73e7d7d5-1782-4cd0-a4d7-00c7ec051c2a) | Attack Pattern | Identify business relationships - T1272 (5b6ce031-bb86-407a-9984-2b9700ac4549) | Attack Pattern | 2 |
| Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) | Attack Pattern | ELMER - S0064 (3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c) | Malware | 2 |
| File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) | Attack Pattern | ELMER - S0064 (3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c) | Malware | 2 |
| ELMER - S0064 (3cab1b76-2f40-4cd0-8d2c-7ed16eeb909c) | Malware | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 2 |
| Compromise 3rd party infrastructure to support delivery - T1312 (4900fabf-1142-4c1f-92f5-0b590e049077) | Attack Pattern | Compromise 3rd party infrastructure to support delivery - T1334 (e51398e6-53dc-4e9f-a323-e54683d8672b) | Attack Pattern | 2 |
| Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) | Attack Pattern | Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) | Attack Pattern | 3 |