Introduction
APT12 is a threat group that has been attributed to China. The group has targeted a variety of victims including but not limited to media outlets, high-tech companies, and multiple governments. [7]
Activities and Tactics
Targeted Sectors: Private sector, Government
Country of Origin: 🇨🇳 China
Risk Level: High
First Seen: 2012
Last Activity: 2016
Incident Type: Espionage
Suspected Victims: Taiwan, Japan
Notable Campaigns
- NYT Oct 2012
Tactics, Techniques, and Procedures (TTPs)
- T1204.002 Malicious File
- T1102.002 Bidirectional Communication
- T1568.003 DNS Calculation
- T1203 Exploitation for Client Execution
- T1566.001 Spearphishing Attachment
Notable Indicators of Compromise (IOCs)
No atomic indicators are listed in this profile. The APTnotes snapshot indexes 4 public reports that may contain IOCs; see Source Attribution for dataset links.
Malware and Tools
- China Chopper
- Etumbot
- Riptide
- Hightide
- ThreeByte
- Waterspout
- Mswab
- Gh0st
- ShowNews
- 3001
MITRE ATT&CK Software
Attribution and Evidence
Country of Origin: China
Additional attribution information pending cataloguing.
References
[1] mitre-attack
[7] Meyers, A. (2013, March 29). Whois Numbered Panda. Retrieved January 14, 2016.
[8] Moran, N., Oppenheim, M., Engle, S., & Wartell, R. (2014, September 3). Darwin's Favorite APT Group [Blog]. Retrieved November 12, 2014.