NEW: Group Profiler — instant APT intel lookup. Try it →

← threatfilter.dev / all groups / Chimera

Chimera

G0114 China MITRE ATT&CK →

Overview

Chimera is a suspected China-based threat group that has been active since at least 2018 targeting the semiconductor industry in Taiwan as well as data from the airline industry.

TTPs — 59 techniques across 12 tactics

Reconnaissance

T1589.001 Credentials

Resource Development

T1588.002 Tool

Execution

T1047 Windows Management Instrumentation
T1053.005 Scheduled Task
T1059.001 PowerShell
T1059.003 Windows Command Shell
T1106 Native API
T1569.002 Service Execution

Persistence

T1133 External Remote Services

Stealth

T1027.010 Command Obfuscation
T1036.005 Match Legitimate Resource Name or Location
T1070.004 File Deletion
T1070.006 Timestomp
T1078 Valid Accounts
T1078.002 Domain Accounts
T1574.001 DLL

Defense Impairment

T1556.001 Domain Controller Authentication
T1685.005 Clear Windows Event Logs

Credential Access

T1003.003 NTDS
T1110.003 Password Spraying
T1110.004 Credential Stuffing
T1111 Multi-Factor Authentication Interception

Discovery

T1007 System Service Discovery
T1012 Query Registry
T1016 System Network Configuration Discovery
T1018 Remote System Discovery
T1033 System Owner/User Discovery
T1046 Network Service Discovery
T1049 System Network Connections Discovery
T1057 Process Discovery
T1069.001 Local Groups
T1083 File and Directory Discovery
T1087.001 Local Account
T1087.002 Domain Account
T1124 System Time Discovery
T1135 Network Share Discovery
T1201 Password Policy Discovery
T1217 Browser Information Discovery
T1482 Domain Trust Discovery
T1680 Local Storage Discovery

Lateral Movement

Collection

Command and Control

T1071.001 Web Protocols
T1071.004 DNS
T1105 Ingress Tool Transfer
T1572 Protocol Tunneling

Exfiltration

T1041 Exfiltration Over C2 Channel
T1567.002 Exfiltration to Cloud Storage

Tools & malware (6)

PsExec · BloodHound · esentutl · Net · Mimikatz · Cobalt Strike

Reporting (2)

Abusing cloud services to fly under the radar — Jansen, W
APT Group Chimera - APT Operation Skeleton key Targets Taiwan Semiconductor Vendors — Cycraft