Confucius
Aliases: Confucius APT
Confucius is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers have noted similarities between Confucius and Patchwork, particularly in their respective custom malware code and targets.
ATT&CK techniques
T1566.002 Spearphishing Link
T1204.001 Malicious Link
T1567.002 Exfiltration to Cloud Storage
T1221 Template Injection
T1059.005 Visual Basic
T1566.001 Spearphishing Attachment
T1203 Exploitation for Client Execution
T1082 System Information Discovery
T1105 Ingress Tool Transfer
T1119 Automated Collection
T1583.006 Web Services
T1071.001 Web Protocols
T1041 Exfiltration Over C2 Channel
T1218.005 Mshta
T1083 File and Directory Discovery
T1547.001 Registry Run Keys / Startup Folder
T1053.005 Scheduled Task
T1204.002 Malicious File
T1059.001 PowerShell