G0114 · 60 ATT&CK techniques · 0 correlated reports

Chimera

Aliases: None listed

Chimera is a suspected China-based threat group that has been active since at least 2018, targeting the semiconductor industry in Taiwan as well as data from the airline industry.


ATT&CK techniques

T1574.002 - DLL Side-Loading
T1074.002 - Remote Data Staging
T1053.005 - Scheduled Task
T1569.002 - Service Execution
T1041 - Exfiltration Over C2 Channel
T1078 - Valid Accounts
T1550.002 - Pass the Hash
T1071.001 - Web Protocols
T1106 - Native API
T1556.001 - Domain Controller Authentication
T1070.001 - Clear Windows Event Logs
T1071.004 - DNS
T1482 - Domain Trust Discovery
T1560.001 - Archive via Utility
T1021.006 - Windows Remote Management
T1083 - File and Directory Discovery
T1087.002 - Domain Account
T1057 - Process Discovery
T1021.002 - SMB/Windows Admin Shares
T1059.001 - PowerShell
T1003.003 - NTDS
T1074.001 - Local Data Staging
T1213.002 - Sharepoint
T1135 - Network Share Discovery
T1036.005 - Match Legitimate Name or Location
T1570 - Lateral Tool Transfer
T1007 - System Service Discovery
T1027.010 - Command Obfuscation
T1016 - System Network Configuration Discovery
T1046 - Network Service Discovery
T1033 - System Owner/User Discovery
T1087.001 - Local Account
T1572 - Protocol Tunneling
T1078.002 - Domain Accounts
T1069.001 - Local Groups
T1124 - System Time Discovery
T1201 - Password Policy Discovery
T1049 - System Network Connections Discovery
T1059.003 - Windows Command Shell
T1070.004 - File Deletion
T1110.003 - Password Spraying
T1114.001 - Local Email Collection
T1039 - Data from Network Shared Drive
T1119 - Automated Collection
T1133 - External Remote Services
T1110.004 - Credential Stuffing
T1082 - System Information Discovery
T1114.002 - Remote Email Collection
T1012 - Query Registry
T1588.002 - Tool
T1567.002 - Exfiltration to Cloud Storage
T1070.006 - Timestomp
T1018 - Remote System Discovery
T1589.001 - Credentials
T1047 - Windows Management Instrumentation
T1021.001 - Remote Desktop Protocol
T1111 - Multi-Factor Authentication Interception
T1217 - Browser Information Discovery
T1105 - Ingress Tool Transfer
T1102 - Web Service

Correlated CTI and IR reports
