APT16
APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. [1]
ID: G0023
Aliases: APT16
Version: 1.0
Alias Descriptions
| Name | Description |
|---|---|
| APT16 | [1] |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| PRE-ATT&CK | T1334 | Compromise 3rd party infrastructure to support delivery | APT16 has compromised otherwise legitimate sites as staging servers for second-stage payloads.[1] |
| PRE-ATT&CK | T1272 | Identify business relationships | APT16 spearphished journalists, apparently targeting those interested in contact information for DPP members or politicians.[1] |
Software
| ID | Name | Techniques |
|---|---|---|
| S0064 | ELMER | Commonly Used Port, File and Directory Discovery, Process Discovery, Standard Application Layer Protocol |