Created
November 11, 2019 21:23
{ | |
"description": "Enterprise techniques used by APT12, ATT&CK group G0005 v2.0", | |
"name": "APT12 (G0005)", | |
"domain": "mitre-enterprise", | |
"version": "2.2", | |
"techniques": [ | |
{ | |
"score": 1, | |
"techniqueID": "T1203", | |
"comment": "APT12 has exploited multiple vulnerabilities for execution, including Microsoft Office vulnerabilities (CVE-2009-3129, CVE-2012-0158) and vulnerabilities in Adobe Reader and Flash (CVE-2009-4324, CVE-2009-0927, CVE-2011-0609, CVE-2011-0611)." | |
}, | |
{ | |
"score": 1, | |
"techniqueID": "T1193", | |
"comment": "APT12 has sent emails with malicious Microsoft Office documents and PDFs attached." | |
}, | |
{ | |
"score": 1, | |
"techniqueID": "T1204", | |
"comment": "APT12 has attempted to get victims to open malicious Microsoft Word and PDF attachments sent via spearphishing." | |
}, | |
{ | |
"score": 1, | |
"techniqueID": "T1102", | |
"comment": "APT12 has used blogs and WordPress for C2 infrastructure." | |
} | |
], | |
"gradient": { | |
"colors": [ | |
"#ffffff", | |
"#66b1ff" | |
], | |
"minValue": 0, | |
"maxValue": 1 | |
}, | |
"legendItems": [ | |
{ | |
"label": "used by APT12", | |
"color": "#66b1ff" | |
} | |
] | |
} |