Confucius | APT Profile

Description

[Confucius](https://attack.mitre.org/groups/G0142) is a cyber espionage group that has primarily targeted military personnel, high-profile personalities, business persons, and government organizations in South Asia since at least 2013. Security researchers have noted similarities between [Confucius](https://attack.mitre.org/groups/G0142) and [Patchwork](https://attack.mitre.org/groups/G0040), particularly in their respective custom malware code and targets.(Citation: TrendMicro Confucius APT Feb 2018)(Citation: TrendMicro Confucius APT Aug 2021)(Citation: Uptycs Confucius APT Jan 2021)

Techniques Used (TTPs)

T1566.002 — Spearphishing Link (initial-access)
T1204.001 — Malicious Link (execution)
T1567.002 — Exfiltration to Cloud Storage (exfiltration)
T1221 — Template Injection (defense-evasion)
T1059.005 — Visual Basic (execution)
T1566.001 — Spearphishing Attachment (initial-access)
T1203 — Exploitation for Client Execution (execution)
T1082 — System Information Discovery (discovery)
T1105 — Ingress Tool Transfer (command-and-control)
T1119 — Automated Collection (collection)
T1583.006 — Web Services (resource-development)
T1071.001 — Web Protocols (command-and-control)
T1041 — Exfiltration Over C2 Channel (exfiltration)
T1218.005 — Mshta (defense-evasion)
T1083 — File and Directory Discovery (discovery)
T1547.001 — Registry Run Keys / Startup Folder (persistence, privilege-escalation)
T1053.005 — Scheduled Task (execution, persistence, privilege-escalation)
T1204.002 — Malicious File (execution)
T1059.001 — PowerShell (execution)

Total TTPs: 19

Malware & Tools

Malware: WarzoneRAT

← Return to Home ← Back to APT Search