LuminousMoth

OriginChina

Techniques (MITRE ATT&CK)28

SourceMITRE ATT&CK

Vexday analysis

Grupo de espionagem cibernética de língua chinesa, o LuminousMoth (identificador MITRE ATT&CK G1014) está ativo pelo menos desde outubro de 2020 e tem como alvo organizações de alto perfil, incluindo entidades governamentais, em Myanmar, Filipinas, Tailândia e outras regiões do Sudeste Asiático. Pesquisadores de segurança identificaram indícios de conexão entre o LuminousMoth e o grupo Mustang Panda, com base em sobreposições de infraestrutura de rede, alvos similares e TTPs compartilhadas. O grupo possui 28 técnicas documentadas no framework MITRE ATT&CK.

Techniques (MITRE ATT&CK) 28

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Malware Malware Tool Digital Certificates Upload Malware Drive-by Target Link Target

Initial access

Spearphishing Link

Execution

Scheduled Task Malicious Link

Persistence

Registry Run Keys / Startup Folder

Credential access

Steal Web Session Cookie ARP Cache Poisoning

Discovery

System Owner/User Discovery File and Directory Discovery

Lateral movement

Replication Through Removable Media

Collection

Data from Local System Archive Collected Data

Command and control

Web Protocols Ingress Tool Transfer

Exfiltration

Data Transfer Size Limits Exfiltration Over C2 Channel Exfiltration to Cloud Storage

defense-impairment

Modify Registry Code Signing

stealth

Match Legitimate Resource Name or Location Hidden Files and Directories DLL

Exploited vulnerabilities

No CVEs attributed to this group in public sources (MITRE ATT&CK). Absence of attribution does not mean absence of activity.

LuminousMoth uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →