Threat Attribution — Chimera “Under the Radar”
Tags
cmtmf-attack-pattern: Application Layer Protocol Automated Exfiltration Command And Scripting Interpreter Masquerading Modify Authentication Process Process Injection Scheduled Task/Job System Network Connections Discovery
country: China Taiwan
attack-pattern: Data Model Application Layer Protocol - T1437 Archive Collected Data - T1560 Archive Collected Data - T1532 Archive Via Utility - T1560.001 Asymmetric Cryptography - T1521.002 Asymmetric Cryptography - T1573.002 Clear Windows Event Logs - T1070.001 Cloud Services - T1021.007 Command And Scripting Interpreter - T1623 Credential Stuffing - T1110.004 Data From Local System - T1533 Dll Side-Loading - T1574.002 Dns - T1071.004 Dns - T1590.002 Domain Account - T1087.002 Domain Account - T1136.002 Domain Controller Authentication - T1556.001 Domain Trust Discovery - T1482 Dynamic-Link Library Injection - T1055.001 Encrypted Channel - T1521 Encrypted Channel - T1573 Exfiltration Over C2 Channel - T1646 Exfiltration Over Web Service - T1567 Exfiltration To Cloud Storage - T1567.002 File And Directory Discovery - T1420 File Deletion - T1070.004 File Deletion - T1630.002 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Indicator Removal On Host - T1630 Lateral Tool Transfer - T1570 Local Account - T1087.001 Local Account - T1136.001 Local Data Staging - T1074.001 Local Email Collection - T1114.001 System Network Configuration Discovery - T1422 System Network Connections Discovery - T1421 Lsass Memory - T1003.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Match Legitimate Name Or Location - T1036.005 Match Legitimate Name Or Location - T1655.001 Network Service Scanning - T1423 Process Discovery - T1424 System Information Discovery - T1426 Modify Authentication Process - T1556 Ntds - T1003.003 Pass The Hash - T1550.002 Password Spraying - T1110.003 Powershell - T1059.001 Process Injection - T1631 Protocol Tunneling - T1572 Remote Data Staging - T1074.002 Remote Desktop Protocol - T1021.001 Rename System Utilities - T1036.003 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Service Execution - T1569.002 Sharepoint - T1213.002 Smb/Windows Admin Shares - T1021.002 Software - T1592.002 Ssh - T1021.004 System Services - T1569 
Windows Remote Management - T1021.006 Windows Command Shell - T1059.003 Timestomp - T1070.006 Web Protocols - T1071.001 Web Protocols - T1437.001 Use Alternate Authentication Material - T1550 Tool - T1588.002 Account Discovery - T1087 Standard Application Layer Protocol - T1071 Automated Collection - T1119 Automated Exfiltration - T1020 Browser Bookmark Discovery - T1217 Brute Force - T1110 Command-Line Interface - T1059 Credential Dumping - T1003 Data From Information Repositories - T1213 Data From Local System - T1005 Data From Network Shared Drive - T1039 Data Staged - T1074 Data Transfer Size Limits - T1030 Deobfuscate/Decode Files Or Information - T1140 Dll Side-Loading - T1073 Email Collection - T1114 Exfiltration Over Command And Control Channel - T1041 External Remote Services - T1133 File And Directory Discovery - T1083 File Deletion - T1107 Indicator Removal On Host - T1070 Masquerading - T1036 Two-Factor Authentication Interception - T1111 Network Service Scanning - T1046 Network Share Discovery - T1135 Pass The Hash - T1075 Permission Groups Discovery - T1069 Powershell - T1086 Process Discovery - T1057 Process Injection - T1055 Query Registry - T1012 Remote Services - T1021 Remote System Discovery - T1018 Scheduled Task - T1053 Service Execution - T1035 System Information Discovery - T1082 System Network Configuration Discovery - T1016 System Network Connections Discovery - T1049 System Owner/User Discovery - T1033 System Service Discovery - T1007 System Time Discovery - T1124 Windows Remote Management - T1028 Windows Management Instrumentation - T1047 Valid Accounts - T1078 Timestomp - T1099 Automated Collection Data From Information Repositories External Remote Services Indicator Removal On Host Masquerading Network Service Scanning Remote System Discovery Valid Accounts
Common Information
Type Value
UUID f0d10362-57f7-4d6f-b04a-695318ab469f
Fingerprint 2a152d59c9b7ada1
Analysis status DONE
Considered CTI value 2
Text language
Published June 10, 2022, 5:15 a.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Threat Attribution — Chimera “Under the Radar”
Title Threat Attribution — Chimera “Under the Radar”
Detected Hints/Tags/Attributes 202/3/76
Attributes
Type                           #Events  Value
Domain                               6  recordedtv.ms
Domain                               9  cycraft.com
Email                                4  engage@cycraft.com
File                                 4  get.exe
File                                49  onedrive.exe
File                               175  update.exe
File                                18  jucheck.exe
MITRE ATT&CK Techniques             67  T1003.003
MITRE ATT&CK Techniques            173  T1003.001
MITRE ATT&CK Techniques            275  T1053.005
MITRE ATT&CK Techniques            306  T1078
MITRE ATT&CK Techniques            227  T1574.002
MITRE ATT&CK Techniques             25  T1111
MITRE ATT&CK Techniques             38  T1550.002
MITRE ATT&CK Techniques             59  T1055.001
MITRE ATT&CK Techniques              5  T1556.001
MITRE ATT&CK Techniques            191  T1133
MITRE ATT&CK Techniques            460  T1059.001
MITRE ATT&CK Techniques            333  T1059.003
MITRE ATT&CK Techniques            174  T1569.002
MITRE ATT&CK Techniques            310  T1047
MITRE ATT&CK Techniques            504  T1140
MITRE ATT&CK Techniques             32  T1036.003
MITRE ATT&CK Techniques            183  T1036.005
MITRE ATT&CK Techniques             92  T1070.001
MITRE ATT&CK Techniques            297  T1070.004
MITRE ATT&CK Techniques             93  T1070.006
MITRE ATT&CK Techniques             49  T1110.003
MITRE ATT&CK Techniques             12  T1110.004
MITRE ATT&CK Techniques            179  T1087
MITRE ATT&CK Techniques             72  T1087.001
MITRE ATT&CK Techniques             99  T1087.002
MITRE ATT&CK Techniques            585  T1083
MITRE ATT&CK Techniques            176  T1135
MITRE ATT&CK Techniques            433  T1057
MITRE ATT&CK Techniques            501  T1012
MITRE ATT&CK Techniques           1006  T1082
MITRE ATT&CK Techniques            245  T1016
MITRE ATT&CK Techniques            230  T1033
MITRE ATT&CK Techniques             86  T1124
MITRE ATT&CK Techniques             29  T1217
MITRE ATT&CK Techniques            124  T1482
MITRE ATT&CK Techniques            168  T1046
MITRE ATT&CK Techniques             65  T1069
MITRE ATT&CK Techniques            243  T1018
MITRE ATT&CK Techniques            119  T1049
MITRE ATT&CK Techniques            100  T1007
MITRE ATT&CK Techniques            118  T1570
MITRE ATT&CK Techniques            139  T1021.002
MITRE ATT&CK Techniques            160  T1021.001
MITRE ATT&CK Techniques             59  T1021.004
MITRE ATT&CK Techniques             30  T1021.006
MITRE ATT&CK Techniques            116  T1560.001
MITRE ATT&CK Techniques            111  T1119
MITRE ATT&CK Techniques            534  T1005
MITRE ATT&CK Techniques             49  T1074.001
MITRE ATT&CK Techniques             20  T1074.002
MITRE ATT&CK Techniques             16  T1213.002
MITRE ATT&CK Techniques             67  T1039
MITRE ATT&CK Techniques             34  T1114.001
MITRE ATT&CK Techniques            442  T1071.001
MITRE ATT&CK Techniques             52  T1071.004
MITRE ATT&CK Techniques             74  T1573.002
MITRE ATT&CK Techniques             95  T1572
MITRE ATT&CK Techniques            102  T1020
MITRE ATT&CK Techniques             36  T1030
MITRE ATT&CK Techniques            422  T1041
MITRE ATT&CK Techniques            100  T1567.002
Threat Actor Identifier - APT       31  APT30