Confucius

Also known as: Confucius, Confucius APT

Confucius is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers have noted similarities between Confucius and Patchwork, particularly in their respective custom malware code and targets. TrendMicro Confucius APT Feb 2018 TrendMicro Confucius APT Aug 2021 Uptycs Confucius APT Jan 2021

🧭 ATT&CK G0142

Introduction

Confucius is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers have noted similarities between Confucius and Patchwork, particularly in their respective custom malware code and targets. TrendMicro Confucius APT Feb 2018 TrendMicro Confucius APT Aug 2021 Uptycs Confucius APT Jan 2021

Activities and Tactics

Information pending cataloguing.

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

ATT&CK technique IDs (denormalized)

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • CyberGate:
  • Cyber Eye RAT:
  • Archelaus Beta:

MITRE ATT&CK Software

Attribution and Evidence

Information pending cataloguing.

References

[1] mitre-attack [2] TrendMicro Confucius APT Feb 2018 Lunghi, D and Horejsi, J. (2018, February 13). Deciphering Confucius: A Look at the Group’s Cyberespionage Operations. Retrieved December 26, 2021. [3] TrendMicro Confucius APT Aug 2021 Lunghi, D. (2021, August 17). Confucius Uses Pegasus Spyware-related Lures to Target Pakistani Military. Retrieved December 26, 2021. [4] Uptycs Confucius APT Jan 2021 Uptycs Threat Research Team. (2021, January 12). Confucius APT deploys Warzone RAT. Retrieved December 17, 2021.