menuPass

OriginChina

Techniques (MITRE ATT&CK)46

SourceMITRE ATT&CK

Also known as:CicadaPOTASSIUMStone PandaAPT10Red ApolloCVNXHOGFISHBRONZE RIVERSIDE

Vexday analysis

Ativo desde pelo menos 2006, o menuPass (também identificado como Cicada, POTASSIUM, Stone Panda, APT10, Red Apollo e CVNX) é um grupo APT de origem chinesa rastreado pelo MITRE ATT&CK sob o identificador G0045. Membros do grupo são associados ao Departamento de Segurança Estatal de Tianjin, vinculado ao Ministério de Segurança do Estado (MSS) da China, e teriam operado por meio da empresa Huaying Haitai Science and Technology Development Company. O grupo tem como alvos organizações dos setores de saúde, defesa, aeroespacial, finanças, marítimo, biotecnologia, energia e governo em escala global, com ênfase em entidades japonesas, além de provedores de serviços de TI gerenciados (MSPs) e empresas de manufatura e mineração. Ao grupo são atribuídas 46 técnicas documentadas no MITRE ATT&CK e a exploração de 4 CVEs conhecidas.

Techniques (MITRE ATT&CK) 46

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Domains Tool

Initial access

Exploit Public-Facing Application Trusted Relationship Spearphishing Attachment

Execution

Windows Management Instrumentation Scheduled Task PowerShell Windows Command Shell Native API Malicious File

Credential access

Security Account Manager NTDS LSA Secrets

Discovery

System Network Configuration Discovery Remote System Discovery Network Service Discovery System Network Connections Discovery File and Directory Discovery Domain Account

Lateral movement

Remote Desktop Protocol SSH Exploitation of Remote Services

Collection

Data from Local System Data from Network Shared Drive Keylogging Local Data Staging Remote Data Staging Automated Collection Archive Collected Data Archive via Utility

Command and control

External Proxy Ingress Tool Transfer Fast Flux DNS

defense-impairment

Code Signing

stealth

Encrypted/Encoded File Masquerading Rename Legitimate Utilities Match Legitimate Resource Name or Location Process Hollowing Clear Command History File Deletion Valid Accounts Deobfuscate/Decode Files or Information InstallUtil DLL

Exploited vulnerabilities 4

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2014-7169CRITICALEPSS 100%KEV CVE-2020-1472MEDIUMEPSS 100%KEV CVE-2016-6662EPSS 68%CVE-2017-0176EPSS 46%

menuPass uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →