APT16
APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. [1]
ID: G0023
Version: 1.0
Created: 31 May 2017
Last Modified: 22 March 2019
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| PRE-ATT&CK | T1334 | Compromise 3rd party infrastructure to support delivery |
APT16 has compromised otherwise legitimate sites as staging servers for second-stage payloads.[1] |
| PRE-ATT&CK | T1272 | Identify business relationships |
APT16 spearphished journalists, apparently targeting those interested in contact information for DPP members or politicians.[1] |
Software
| ID | Name | References | Techniques |
|---|---|---|---|
| S0064 | ELMER | [1] | Commonly Used Port, File and Directory Discovery, Process Discovery, Standard Application Layer Protocol |