Threat Intelligence Platform

APT Groups & MITRE ATT&CK Mapping

Interactive platform mapping Advanced Persistent Threat groups to MITRE ATT&CK tactics and techniques. Explore TTPs, campaigns, and adversary behaviors.

Regional Coverage

🇷🇺 Russia: 3 APTs
🇨🇳 China: 2 APTs
🇰🇵 North Korea: 2 APTs
🇮🇷 Iran: 3 APTs
🇮🇳 India: 3 APTs
🇵🇰 Pakistan: 2 APTs

Totals: 15 APT Groups, 42 ATT&CK Techniques, 14 Tactics, 156 Technique Mappings

MITRE ATT&CK Enterprise Matrix

Heat-map legend (number of APTs mapped to a technique): 1-2 APTs, 3-4 APTs, 5-6 APTs, 7-8 APTs, 9+ APTs

The matrix shows, per tactic, the two techniques mapped to the most APT groups; the "APTs" columns give how many of the 15 groups map to that technique (blank where the page shows no count).

| Tactic | Top 1 technique | APTs | Top 2 technique | APTs |
|---|---|---|---|---|
| Reconnaissance | T1595 Active Scanning | | none listed | |
| Resource Development | T1583 Acquire Infrastructure | | none listed | |
| Initial Access | T1566 Phishing | 15 | T1190 Exploit Public-Facing Application | 7 |
| Execution | T1059 Command and Scripting Interpreter | 14 | T1203 Exploitation for Client Execution | 4 |
| Persistence | T1547 Boot or Logon Autostart | 4 | T1053 Scheduled Task/Job | 4 |
| Privilege Escalation | T1068 Exploitation for Privilege Escalation | 1 | T1078 Valid Accounts | 3 |
| Defense Evasion | T1027 Obfuscated Files or Information | 8 | T1055 Process Injection | 2 |
| Credential Access | T1003 OS Credential Dumping | 11 | T1110 Brute Force | 1 |
| Discovery | T1082 System Information Discovery | 9 | T1083 File and Directory Discovery | 5 |
| Lateral Movement | T1021 Remote Services | 3 | T1210 Exploitation of Remote Services | 1 |
| Collection | T1005 Data from Local System | 2 | T1056 Input Capture | 1 |
| Command and Control | T1071 Application Layer Protocol | 7 | T1573 Encrypted Channel | |
| Exfiltration | T1041 Exfiltration Over C2 Channel | 12 | T1048 Exfiltration Over Alternative Protocol | |
| Impact | T1486 Data Encrypted for Impact | 2 | T1490 Inhibit System Recovery | 2 |

Top 3: no entries shown.

APT Group Profiles

APT28 (Fancy Bear, Sofacy, Sednit)
Country: Russia (RU)
Active since: 2004
Sophistication: Advanced
ATT&CK techniques: 6
Russian military intelligence threat group targeting government, military, and security organizations.
Techniques listed: T1566, T1059, T1027, T1003, T1071, T1041

APT29 (Cozy Bear, The Dukes, CozyDuke)
Country: Russia (RU)
Active since: 2008
Sophistication: Advanced
ATT&CK techniques: 8
Russian intelligence threat group known for stealthy, long-term operations and custom malware.
Techniques listed: T1566, T1190, T1059, T1055, T1003, T1082

APT1 (Comment Crew, Byzantine Candor)
Country: China (CN)
Active since: 2006
Sophistication: Moderate
ATT&CK techniques: 8
Chinese cyber espionage unit known for intellectual property theft and long-running campaigns.
Techniques listed: T1566, T1190, T1059, T1053, T1003, T1083

Lazarus Group (Hidden Cobra, Guardians of Peace)
Country: North Korea (KP)
Active since: 2009
Sophistication: Advanced
ATT&CK techniques: 8
North Korean state-sponsored group involved in cybercrime, espionage, and destructive attacks.
Techniques listed: T1566, T1203, T1059, T1547, T1027, T1486

APT38 (BlueNoroff, Stardust Chollima)
Country: North Korea (KP)
Active since: 2014
Sophistication: Advanced
ATT&CK techniques: 7
North Korean financially motivated group targeting banks and cryptocurrency exchanges.
Techniques listed: T1566, T1190, T1059, T1078, T1003, T1021

Sandworm Team (BlackEnergy, Voodoo Bear)
Country: Russia (RU)
Active since: 2009
Sophistication: Advanced
ATT&CK techniques: 7
Russian military unit known for destructive attacks on critical infrastructure.
Techniques listed: T1566, T1190, T1059, T1068, T1210, T1486

APT41 (Barium, Winnti, Wicked Panda)
Country: China (CN)
Active since: 2012
Sophistication: Advanced
ATT&CK techniques: 8
Chinese state-sponsored group conducting both espionage and financially motivated cybercrime.
Techniques listed: T1566, T1190, T1203, T1547, T1027, T1003

APT33 (Elfin, Holmium)
Country: Iran (IR)
Active since: 2013
Sophistication: Moderate
ATT&CK techniques: 7
Iranian threat group targeting the aerospace and energy sectors.
Techniques listed: T1566, T1190, T1059, T1053, T1003, T1082

APT34 (OilRig, Helix Kitten, Cobalt Gypsy)
Country: Iran (IR)
Active since: 2014
Sophistication: Moderate
ATT&CK techniques: 8
Iranian group focused on Middle Eastern governments and oil and gas targets.
Techniques listed: T1566, T1059, T1053, T1027, T1003, T1083

APT39 (Chafer, Remix Kitten)
Country: Iran (IR)
Active since: 2014
Sophistication: Moderate
ATT&CK techniques: 8
Iranian cyber espionage group targeting the telecom and travel sectors for surveillance.
Techniques listed: T1566, T1190, T1059, T1078, T1003, T1082

Sidewinder (T-APT-04, Rattlesnake, APT-C-17)
Country: India (IN)
Active since: 2012
Sophistication: Advanced
ATT&CK techniques: 9
Indian state-sponsored APT group targeting Pakistan and China with spear-phishing and custom malware.
Techniques listed: T1566, T1059, T1203, T1547, T1027, T1082

Patchwork (Dropping Elephant, Chinastrats, APT-C-09)
Country: India (IN)
Active since: 2015
Sophistication: Moderate
ATT&CK techniques: 9
Indian cyber espionage group using spear-phishing and malicious documents.
Techniques listed: T1566, T1203, T1059, T1053, T1027, T1003

Confucius (Confucius APT)
Country: India (IN)
Active since: 2013
Sophistication: Moderate
ATT&CK techniques: 8
Indian APT group focused on military and government intelligence gathering.
Techniques listed: T1566, T1059, T1547, T1027, T1003, T1082

Transparent Tribe (APT36, Mythic Leopard, ProjectM)
Country: Pakistan (PK)
Active since: 2013
Sophistication: Moderate
ATT&CK techniques: 9
Pakistani state-sponsored APT group targeting Indian military, government, and diplomatic entities.
Techniques listed: T1566, T1059, T1056, T1110, T1003, T1082

Gorgon Group (Operational Cluster)
Country: Pakistan (PK)
Active since: 2017
Sophistication: Moderate
ATT&CK techniques: 8
Pakistani group targeting government, corporate, and critical infrastructure organizations.
Techniques listed: T1566, T1059, T1055, T1027, T1078, T1082