APT5 (aka UNC2630, Mulberry Typhoon) · APT Atlas
APT5
APT · CN · China
AKA: UNC2630 · Mulberry Typhoon · Poisoned Flight
Microsoft: MANGANESE
CrowdStrike: KEYHOLE PANDA
Secureworks: BRONZE FLEETWOOD

Targets: 15
Sectors: 6
Threat types: 1
GIRs covered: 0/480
Active since: 2007
Victimology
Geographic footprint · 15 countries
origin · China
targeted countries · 15
OCEANIA · 1: Australia
EUROPE · 9: Belgium · Switzerland · Germany · France · United Kingdom · Ireland · Italy · Norway · Sweden
AMERICAS · 2: Canada · United States
ASIA · 3: Japan · South Korea · Taiwan

Sectors targeted · 6 of 40
Government · 83 actors
Defense · 60 actors
Aerospace · 49 actors
Technology · 51 actors
Telecom · 57 actors
Dissidents (as targets) · 14 actors

Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping

THREAT TYPES
ESP · Espionage

MITRE ATT&CK · 22 techniques

Resource Development · 1
T1583.005 Botnet

Initial Access · 1
T1190 Exploit Public-Facing Application

Execution · 3
T1053.003 Cron
T1059.001 PowerShell
T1059.003 Windows Command Shell

Persistence · 1
T1554 Compromise Host Software Binary

Credential Access · 2
T1003.001 LSASS Memory
T1003.002 Security Account Manager

Discovery · 4
T1049 System Network Connections Discovery
T1057 Process Discovery
T1083 File and Directory Discovery
T1654 Log Enumeration

Lateral Movement · 2
T1021.001 Remote Desktop Protocol
T1021.004 SSH

Collection · 1
T1560.001 Archive via Utility

Defense Impairment · 1
T1685 Disable or Modify Tools

Stealth · 6
T1036.005 Match Legitimate Resource Name or Location
T1055 Process Injection
T1070 Indicator Removal
T1070.004 File Deletion
T1078.002 Domain Accounts
T1078.004 Cloud Accounts

GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.

Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011
APT21 · nation-state · China · 5 targets · since 2010