APT16 is a China-based threat group that has launched spearphishing campaigns targeting Japanese and Taiwanese organizations. [1]

ID: G0023
Version: 1.1
Created: 31 May 2017
Last Modified: 26 July 2022

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| Enterprise | T1584.004 | Compromise Infrastructure: Server | APT16 has compromised otherwise legitimate sites as staging servers for second-stage payloads.[1] |


| ID | Name | References | Techniques |
| --- | --- | --- | --- |
| S0064 | ELMER | [1] | Application Layer Protocol: Web Protocols, File and Directory Discovery, Process Discovery |