APT12

APT12 is a threat group that has been attributed to China. The group has targeted a variety of victims including but not limited to media outlets, high-tech companies, and multiple governments.[1]

ID: G0005
Associated Groups: IXESHE, DynCalc, Numbered Panda, DNSCALC
Version: 2.1
Created: 31 May 2017
Last Modified: 25 April 2025

Associated Group Descriptions

Name | Description
IXESHE | [1][2]
DynCalc | [1][2]
Numbered Panda | [1]
DNSCALC | [2]


Techniques Used

Domain | ID | Name | Use
Enterprise | T1568.003 | Dynamic Resolution: DNS Calculation | APT12 has used multiple variants of DNS Calculation, including multiplying the first two octets of an IP address and adding the third octet to that value to obtain the command and control port.[1]
Enterprise | T1203 | Exploitation for Client Execution | APT12 has exploited multiple vulnerabilities for execution, including Microsoft Office vulnerabilities (CVE-2009-3129, CVE-2012-0158) and vulnerabilities in Adobe Reader and Flash (CVE-2009-4324, CVE-2009-0927, CVE-2011-0609, CVE-2011-0611).[2][3]
Enterprise | T1566.001 | Phishing: Spearphishing Attachment | APT12 has sent emails with malicious Microsoft Office documents and PDFs attached.[2][3]
Enterprise | T1204.002 | User Execution: Malicious File | APT12 has attempted to get victims to open malicious Microsoft Word and PDF attachments sent via spearphishing.[2][3]
Enterprise | T1102.002 | Web Service: Bidirectional Communication | APT12 has used blogs and WordPress for C2 infrastructure.[1]
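The DNS Calculation entry above can be turned into a hunting check. The following is an added example, not part of the ATT&CK page: it correlates DNS answers with outbound connections and flags a connection whose destination port equals the value calculated from an A record the same host has just received. The log field names, the five-minute window and the reading of the calculation as (first octet × second octet) + third octet are assumptions, and all sample records are constructed.

```python
from datetime import datetime, timedelta
from ipaddress import IPv4Address

def calc_port(ip):
    """(octet1 * octet2) + octet3: assumed reading of the entry above."""
    o1, o2, o3, _ = IPv4Address(ip).packed
    return o1 * o2 + o3

def find_matches(dns_answers, connections, window=timedelta(minutes=5)):
    """Flag connections whose destination port equals the value calculated
    from an A record the same client received at most `window` earlier."""
    hits = []
    for conn in connections:
        for ans in dns_answers:
            age = conn["ts"] - ans["ts"]
            if (ans["client"] == conn["client"]
                    and timedelta(0) <= age <= window
                    and calc_port(ans["answer"]) == conn["dst_port"]):
                hits.append({**conn, "qname": ans["qname"], "answer": ans["answer"]})
    return hits

# Constructed sample logs (hypothetical schema); addresses are documentation ranges.
T0 = datetime(2025, 1, 1, 12, 0, 0)
DNS_ANSWERS = [
    {"ts": T0, "client": "10.0.0.5", "qname": "updates.example.net",
     "answer": "198.51.100.7"},   # 198 * 51 + 100 = 10198
    {"ts": T0 + timedelta(seconds=2), "client": "10.0.0.8",
     "qname": "www.example.org", "answer": "203.0.113.10"},  # 203 * 0 + 113 = 113
]
CONNECTIONS = [
    # Port matches the calculation for this client's recent answer: flagged.
    {"ts": T0 + timedelta(seconds=3), "client": "10.0.0.5",
     "dst_ip": "198.51.100.7", "dst_port": 10198},
    # Ordinary HTTPS connection: port does not match the calculated value.
    {"ts": T0 + timedelta(seconds=4), "client": "10.0.0.8",
     "dst_ip": "203.0.113.10", "dst_port": 443},
    # Same port, but the DNS answer is older than the window: not flagged.
    {"ts": T0 + timedelta(minutes=30), "client": "10.0.0.5",
     "dst_ip": "198.51.100.7", "dst_port": 10198},
    # Same port from a host that never received the matching answer.
    {"ts": T0 + timedelta(seconds=5), "client": "10.0.0.8",
     "dst_ip": "198.51.100.7", "dst_port": 10198},
]

if __name__ == "__main__":
    for hit in find_matches(DNS_ANSWERS, CONNECTIONS):
        print(hit["client"], hit["qname"], hit["answer"], hit["dst_port"])
```

A calculated value can coincide with a common service port (an address beginning 2.220.3 yields 443), so matches are leads for triage rather than verdicts.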

Software

References
