/
APT12_G0005.json
1 lines (1 loc) · 1.31 KB
/
APT12_G0005.json
1
{"description": "Enterprise techniques used by APT12, ATT&CK group G0005 v1.0", "name": "APT12 (G0005)", "domain": "mitre-enterprise", "version": "2.2", "techniques": [{"score": 1, "techniqueID": "T1102", "techniqueName": "Web Service", "comment": "[APT12](https://attack.mitre.org/groups/G0005) has used blogs and WordPress for C2 infrastructure."}, {"score": 1, "techniqueID": "T1193", "techniqueName": "Spearphishing Attachment", "comment": "[APT12](https://attack.mitre.org/groups/G0005) has sent emails with malicious Microsoft Office documents and PDFs attached."}, {"score": 1, "techniqueID": "T1203", "techniqueName": "Exploitation for Client Execution", "comment": "[APT12](https://attack.mitre.org/groups/G0005) has exploited multiple vulnerabilities for execution, including Microsoft Office vulnerabilities (CVE-2009-3129, CVE-2012-0158) and vulnerabilities in Adobe Reader and Flash (CVE-2009-4324, CVE-2009-0927, CVE-2011-0609, CVE-2011-0611)."}, {"score": 1, "techniqueID": "T1204", "techniqueName": "User Execution", "comment": "[APT12](https://attack.mitre.org/groups/G0005) has attempted to get victims to open malicious Microsoft Word and PDF attachment sent via spearphishing."}], "gradient": {"colors": ["#ffffff", "#ff6666"], "minValue": 0, "maxValue": 1}, "legendItems": [{"label": "used by APT12", "color": "#ff6666"}]}