# G0062: TA459

## Description

TA459 is a threat group believed to operate out of China that has targeted countries including Russia, Belarus, Mongolia, and others. (Citation: Proofpoint TA459 April 2017)

## TTPs

| Platform | Tactic | Technique | Description | Data Sources |
|---|---|---|---|---|
| Windows, macOS, Linux | initial-access | Spearphishing Attachment | TA459 has targeted victims using spearphishing emails with malicious Microsoft Word attachments. | File monitoring, Packet capture, Network intrusion detection system, Detonation chamber, Email gateway, Mail server |
| Linux, Windows, macOS | execution | Exploitation for Client Execution | TA459 has exploited Microsoft Word vulnerability CVE-2017-0199 for execution. | Anti-virus, System calls, Process monitoring |
| Linux, Windows, macOS | execution | User Execution | TA459 has attempted to get victims to open a malicious Microsoft Word attachment sent via spearphishing. | Anti-virus, Process command-line parameters, Process monitoring |
| Linux, macOS, Windows | defense-evasion, execution | Scripting | TA459 has a VBScript for execution. | Process monitoring, File monitoring, Process command-line parameters |
| Windows | execution | PowerShell | TA459 has used PowerShell for execution of a payload. | PowerShell logs, Loaded DLLs, DLL monitoring, Windows Registry, File monitoring, Process monitoring, Process command-line parameters |