APT39 (aka ITG07, Chafer) · APT Atlas
APT39
APT
IR · Iran
AKA: ITG07 · Chafer · Remexi
CrowdStrike: REMIX KITTEN
Microsoft: PHOSPHORUS
Secureworks: COBALT HICKMAN
Targets: 15
Sectors: 5
Threat types: 1
GIRs covered: 0/480
Active since: 2014
Victimology
Geographic footprint · 15 countries
origin · Iran
targeted countries · 15
ASIA · 12: United Arab Emirates · Bahrain · Israel · Iraq · Iran · Jordan · Kuwait · Macau · Qatar · Saudi Arabia · Thailand · Türkiye
OCEANIA · 1: Australia
EUROPE · 1: Spain
AMERICAS · 1: United States
Sectors targeted · 5 of 40
Aviation · 19 actors
Technology · 51 actors
Telecom · 57 actors
Hospitality · 26 actors
Transport & Logistics · 6 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
THREAT TYPES
ESP · Espionage
MITRE ATT&CK · 42 techniques

Initial Access · 3
T1190 Exploit Public-Facing Application
T1566.001 Spearphishing Attachment
T1566.002 Spearphishing Link

Execution · 7
T1053.005 Scheduled Task
T1059 Command and Scripting Interpreter
T1059.001 PowerShell
T1059.005 Visual Basic
T1059.006 Python
T1059.010 AutoHotKey & AutoIT
T1204.001 Malicious Link

Persistence · 2
T1547.001 Registry Run Keys / Startup Folder
T1547.009 Shortcut Modification

Credential Access · 4
T1003 OS Credential Dumping
T1003.001 LSASS Memory
T1110 Brute Force
T1555 Credentials from Password Stores

Discovery · 6
T1012 Query Registry
T1018 Remote System Discovery
T1033 System Owner/User Discovery
T1046 Network Service Discovery
T1083 File and Directory Discovery
T1135 Network Share Discovery

Lateral Movement · 3
T1021.001 Remote Desktop Protocol
T1021.002 SMB/Windows Admin Shares
T1021.004 SSH

Collection · 5
T1005 Data from Local System
T1056 Input Capture
T1113 Screen Capture
T1115 Clipboard Data
T1560.001 Archive via Utility

Exfiltration · 1
T1041 Exfiltration Over C2 Channel

Command And Control · 5
T1071.001 Web Protocols
T1071.004 DNS
T1090.001 Internal Proxy
T1102.002 Bidirectional Communication
T1105 Ingress Tool Transfer

Stealth · 6
T1027.002 Software Packing
T1036.005 Match Legitimate Resource Name or Location
T1070.004 File Deletion
T1078 Valid Accounts
T1140 Deobfuscate/Decode Files or Information
T1197 BITS Jobs

GIR coverage · 0 / 480 requirements satisfied
No GIRs mapped yet for this actor.

Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011