Description
[Mofang](https://attack.mitre.org/groups/G0103) is a likely China-based cyber espionage group, named for its frequent practice of imitating a victim's infrastructure. This adversary has been observed since at least May 2012 conducting focused attacks against government and critical infrastructure in Myanmar, as well as several other countries and sectors including military, automobile, and weapons industries. (Citation: FOX-IT May 2016 Mofang)
Techniques Used (TTPs)
- T1566.002 — Spearphishing Link (initial-access)
- T1204.001 — Malicious Link (execution)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1027.013 — Encrypted/Encoded File (defense-evasion)
- T1204.002 — Malicious File (execution)
- T1027.015 — Compression (defense-evasion)
Total TTPs: 6
Malware & Tools
Malware: ShimRat
Tools: ShimRatReporter