APT 41: Techniques Based on MITRE

Muhammad Shahzad
3 min read · Nov 11, 2020

APT41 (Double Dragon: APT41, a dual espionage and cybercrime operation)

APT41 is a group that carries out Chinese state-sponsored espionage activity in addition to financially motivated activity. APT41 has been active since as early as 2012. The group has been observed targeting the healthcare, telecom, technology, and video game industries in 14 countries.

Source: https://content.fireeye.com/apt-41/rpt-apt41

The Techniques:

The TTPs attributed to APT41, as documented in MITRE ATT&CK, are as follows:

1. Initial Access:

a. Exploit Public-Facing Application

b. External Remote Resources

c. Valid Accounts

d. Phishing

i. Spear Phishing Attachment

e. Supply Chain Compromise

i. Compromise Software Supply Chain

2. Execution:

a. Exploitation for Client Execution

i. PowerShell

ii. Unix Shell

iii. Windows Command Shell

b. Scheduled Task/Job