APT 16, SVCMONDR

Description

(FireEye) Between November 26, 2015, and December 1, 2015, known and suspected China-based APT groups launched several spear-phishing attacks targeting Japanese and Taiwanese organizations in the high-tech, government services, media and financial services industries. Each campaign delivered a malicious Microsoft Word document exploiting the aforementioned EPS dict copy use-after-free vulnerability, and the local Windows privilege escalation vulnerability CVE-2015-1701. The successful exploitation of both vulnerabilities led to the delivery of either a downloader that we refer to as IRONHALO, or a backdoor that we refer to as ELMER.
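The lure described above is a Word document carrying an embedded EPS image. The triage helper below is an added example, not FireEye's, Mandiant's or Kaspersky's code: it opens an Office Open XML file (.docx/.xlsx/.pptx), finds every part that actually starts with a PostScript or DOS-EPS header (whatever its extension), and records whether the PostScript `copy` operator named in the description appears in it. The document layout and the EPS stub it scans are constructed, benign samples, not samples from the campaign.

```python
"""Flag Office Open XML documents that embed EPS/PostScript parts.

Added example (not the original page's or any vendor's code). The .docx
structure and EPS content built by build_sample_docx() are constructed.
"""
import io
import re
import zipfile
from typing import Optional

EPS_ASCII_MAGIC = b"%!PS-Adobe"       # start of a plain EPS/PostScript file
EPS_DOS_MAGIC = b"\xc5\xd0\xd3\xc6"   # DOS EPS binary header (PostScript + preview)
POSTSCRIPT_CONTENT_TYPES = ("application/postscript", "image/x-eps")


def extract_postscript(data: bytes) -> Optional[bytes]:
    """Return the PostScript section of an EPS blob, or None if it is not EPS."""
    if data.startswith(EPS_ASCII_MAGIC):
        return data
    if data.startswith(EPS_DOS_MAGIC) and len(data) >= 12:
        # DOS EPS header: 4-byte magic, then little-endian offset and length
        # of the PostScript section.
        offset = int.from_bytes(data[4:8], "little")
        length = int.from_bytes(data[8:12], "little")
        section = data[offset:offset + length]
        return section if section.startswith(EPS_ASCII_MAGIC) else None
    return None


def classify_part(name: str, data: bytes) -> Optional[dict]:
    """Describe an OOXML part if it carries PostScript, regardless of its name."""
    ps = extract_postscript(data)
    if ps is None:
        return None
    return {
        "part": name,
        # PostScript stored under a non-.eps name is a mismatch worth noting.
        "extension_mismatch": not name.lower().endswith(".eps"),
        # The description names a dict 'copy' use-after-free; record whether
        # the operator occurs at all so the analyst knows where to look first.
        "uses_copy_operator": re.search(rb"\bcopy\b", ps) is not None,
    }


def scan_ooxml(doc: bytes) -> list:
    """Walk every part of an OOXML zip and return one finding per embedded EPS."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(doc)) as zf:
        names = zf.namelist()
        content_types = zf.read("[Content_Types].xml") if "[Content_Types].xml" in names else b""
        declares_ps = any(ct.encode() in content_types for ct in POSTSCRIPT_CONTENT_TYPES)
        for info in zf.infolist():
            if info.is_dir():
                continue
            finding = classify_part(info.filename, zf.read(info))
            if finding:
                finding["declared_in_content_types"] = declares_ps
                findings.append(finding)
    return findings


def build_sample_docx(with_eps: bool) -> bytes:
    """Constructed minimal .docx; the EPS is a harmless stub, not exploit code."""
    eps = (b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 10 10\n"
           b"/d 2 dict def d dup copy pop\nshowpage\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<Types><Default Extension="eps" ContentType="application/postscript"/></Types>'
                    if with_eps else "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n")
        if with_eps:
            zf.writestr("word/media/image2.eps", eps)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_ooxml(build_sample_docx(with_eps=True)):
        print(finding)
```

Any EPS part in a document received by mail is worth a second look on its own; the `copy` flag only prioritises, it does not prove exploitation, and a document that declares no PostScript content type yet contains an EPS part (`declared_in_content_types` false) is a stronger signal than one that declares it.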

Names

Name        Name-Giver
APT 16      Mandiant
SVCMONDR    Kaspersky

Country

China (the description above attributes the activity to known and suspected China-based groups)

Motivation

  • Information theft and espionage

First Seen

2015

Observed Sectors

  • Financial services
  • Government services
  • High-Tech
  • Media

Observed Countries

  • Japan
  • Taiwan

Tools

  • ELMER (backdoor)
  • IRONHALO (downloader)

Information

MITRE ATT&CK

Other Information

UUID

96d67d0e-dff0-4bbd-99fa-6dbdb433474f

Last Card Change

2020-04-22