APT5
Aliases: Mulberry Typhoon, MANGANESE, BRONZE FLEETWOOD, Keyhole Panda, UNC2630
APT5 is a China-based espionage actor that has been active since at least 2007, primarily targeting the telecommunications, aerospace, and defense industries throughout the U.S., Europe, and Asia. APT5 has displayed advanced tradecraft and significant interest in compromising networking devices and their underlying software, including through the use of zero-day exploits.
ATT&CK techniques
T1059.001 PowerShell
T1136.001 Local Account
T1070.006 Timestomp
T1021.001 Remote Desktop Protocol
T1654 Log Enumeration
T1562.006 Indicator Blocking
T1074.001 Local Data Staging
T1554 Compromise Host Software Binary
T1056.001 Keylogging
T1078.004 Cloud Accounts
T1560.001 Archive via Utility
T1003.001 LSASS Memory
T1003.002 Security Account Manager
T1070.004 File Deletion
T1098.007 Additional Local or Domain Groups
T1057 Process Discovery
T1070 Indicator Removal
T1053.003 Cron
T1059.003 Windows Command Shell
T1021.004 SSH
T1055 Process Injection
T1505.003 Web Shell
T1049 System Network Connections Discovery
T1078.002 Domain Accounts
T1036.005 Match Legitimate Name or Location
T1070.003 Clear Command History
T1083 File and Directory Discovery
T1190 Exploit Public-Facing Application