Trusted Design

APT42

アクターID: G1044

· MITRE Pageへのリンク

脅威アクターの詳細

APT42 is an Iranian-sponsored threat group that conducts cyber espionage and surveillance.(Citation: Mandiant APT42-charms) The group primarily focuses on targets in the Middle East region, but has targeted a variety of industries and countries since at least 2015.(Citation: Mandiant APT42-charms) APT42 starts cyber operations through spearphishing emails and/or the PINEFLOWER Android malware, then monitors and collects information from the compromised systems and devices.(Citation: Mandiant APT42-charms) Finally, APT42 exfiltrates data using native features and open-source tools.(Citation: Mandiant APT42-untangling)

APT42 activities have been linked to Magic Hound by other commercial vendors. While there are behavior and software overlaps between Magic Hound and APT42, they appear to be distinct entities and are tracked as separate entities by their originating vendor.

脅威アクターの別名・別称

APT42

利用した攻撃手法

• T1053.005 - Scheduled Task
• T1047 - Windows Management Instrumentation
• T1156 - Malicious Shell Modification
• T1161 - LC_LOAD_DYLIB Addition
• T1596.003 - Digital Certificates
• T1109 - Component Firmware
• T1218.013 - Mavinject
• T1110.002 - Password Cracking
• T1592.001 - Hardware
• T1543.003 - Windows Service
• T1553.001 - Gatekeeper Bypass
• T1120 - Peripheral Device Discovery
• T1091 - Replication Through Removable Media
• T1098.007 - Additional Local or Domain Groups
• T1583.001 - Domains
• T1059.009 - Cloud API
• T1562.012 - Disable or Modify Linux Audit System
• T1183 - Image File Execution Options Injection
• T1590.006 - Network Security Appliances
• T1677 - Poisoned Pipeline Execution
• T1175 - Component Object Model and Distributed COM
• T1612 - Build Image on Host
• T1497.002 - User Activity Based Checks
• T1199 - Trusted Relationship
• T1599 - Network Boundary Bridging
• T1128 - Netsh Helper DLL
• T1030 - Data Transfer Size Limits
• T1506 - Web Session Cookie
• T1132.002 - Non-Standard Encoding
• T1556.005 - Reversible Encryption
• T1027.010 - Command Obfuscation

関連するCVE (攻撃手法に関連)

• CVE-2014-4114 (T1027.010)
• CVE-2017-0143 (T1027.010)
• CVE-2013-3906 (T1091)
• CVE-2025-55182 (T1091)
• CVE-2023-1389 (T1590.006)
• CVE-2025-13928 (T1132.002)
• CVE-2025-24893 (T1183)
• CVE-2025-34026 (T1590.006)
• CVE-2025-55184 (T1091)
• CVE-2025-68645 (T1562.012)
• CVE-2015-2546 (T1562.012)
• CVE-2014-4113 (T1132.002)
• CVE-2015-1701 (T1132.002)
• CVE-2015-0057 (T1562.012)
• CVE-2015-2360 (T1562.012)
• CVE-2015-0071 (T1091)
• CVE-2015-0310 (T1120)
• CVE-2015-5119 (T1030)
• CVE-2015-5122 (T1590.006)
• CVE-2015-1770 (T1027.010)
• CVE-2012-1856 (T1027.010)
• CVE-2015-2545 (T1059.009)
• CVE-2014-6332 (T1027.010)
• CVE-2017-0199 (T1027.010)
• CVE-2015-3043 (T1590.006)
• CVE-2015-3090 (T1590.006)
• CVE-2015-2590 (T1583.001)
• CVE-2015-2424 (T1091)
• CVE-2015-0097 (T1027.010)
• CVE-2012-0158 (T1027.010)
• CVE-2014-1761 (T1132.002)
• CVE-2015-2502 (T1091)
• CVE-2014-6271 (T1091)
• CVE-2012-1889 (T1091)
• CVE-2016-1010 (T1583.001)
• CVE-2016-0984 (T1590.006)
• CVE-2016-0998 (T1583.001)
• CVE-2015-1641 (T1091)
• CVE-2015-0313 (T1030)
• CVE-2015-0359 (T1583.001)
• CVE-2014-0329 (T1175)
• CVE-2015-5130 (T1583.001)
• CVE-2015-5134 (T1590.006)
• CVE-2015-5539 (T1590.006)
• CVE-2015-5557 (T1590.006)
• CVE-2015-5563 (T1590.006)
• CVE-2015-5559 (T1590.006)
• CVE-2015-5540 (T1590.006)
• CVE-2015-5561 (T1590.006)
• CVE-2015-5551 (T1590.006)
• CVE-2015-5564 (T1590.006)
• CVE-2015-5565 (T1590.006)
• CVE-2015-5550 (T1590.006)
• CVE-2015-5566 (T1590.006)
• CVE-2015-5127 (T1590.006)
• CVE-2015-5556 (T1590.006)
• CVE-2015-3628 (T1590.006)
• CVE-2015-6034 (T1562.012)
• CVE-2015-2852 (T1091)
• CVE-2015-2853 (T1091)
• CVE-2012-4969 (T1497.002)
• CVE-2015-6585 (T1175)
• CVE-2015-6022 (T1562.012)
• CVE-2015-8287 (T1590.006)
• CVE-2016-2343 (T1612)
• CVE-2017-0263 (T1562.012)
• CVE-2017-0261 (T1027.010)
• CVE-2017-0262 (T1027.010)
• CVE-2016-9494 (T1183)
• CVE-2016-9496 (T1183)
• CVE-2016-9495 (T1183)
• CVE-2015-0311 (T1091)
• CVE-2014-6352 (T1027.010)
• CVE-2015-0016 (T1059.009)
• CVE-2010-3081 (T1175)
• CVE-2010-3333 (T1091)
• CVE-2012-3213 (T1091)
• CVE-2012-4792 (T1059.009)
• CVE-2014-0322 (T1027.010)
• CVE-2015-0336 (T1175)
• CVE-2011-3544 (T1091)
• CVE-2014-7911 (T1583.001)
• CVE-2015-3636 (T1175)
• CVE-2013-6282 (T1562.012)
• CVE-2015-3105 (T1030)
• CVE-2017-16929 (T1091)
• CVE-2017-17215 (T1583.001)
• CVE-2013-0074 (T1030)
• CVE-2012-0507 (T1132.002)
• CVE-2013-2465 (T1132.002)
• CVE-2013-2551 (T1590.006)
• CVE-2010-0188 (T1091)
• CVE-2012-4681 (T1030)
• CVE-2014-1776 (T1183)
• CVE-2014-0556 (T1030)
• CVE-2012-1876 (T1183)
• CVE-2012-2539 (T1091)
• CVE-2012-1723 (T1091)
• CVE-2015-1761 (T1612)
• CVE-2014-8440 (T1030)
• CVE-2013-3660 (T1562.012)
• CVE-2010-0806 (T1583.001)
• CVE-2013-7331 (T1059.009)
• CVE-2014-4148 (T1059.009)
• CVE-2011-3402 (T1091)
• CVE-2014-6324 (T1562.012)
• CVE-2014-7247 (T1091)
• CVE-2013-2678 (T1183)
• CVE-2015-2426 (T1091)
• CVE-2008-1436 (T1599)
• CVE-2010-0232 (T1562.012)
• CVE-2010-4398 (T1562.012)
• CVE-2012-6422 (T1030)
• CVE-2013-2595 (T1059.009)
• CVE-2015-4902 (T1091)
• CVE-2014-3897 (T1091)
• CVE-2015-2387 (T1562.012)
• CVE-2009-3129 (T1183)
• CVE-2010-2572 (T1091)
• CVE-2011-1255 (T1583.001)
• CVE-2011-0611 (T1583.001)
• CVE-2013-5990 (T1091)
• CVE-2017-8570 (T1027.010)
• CVE-2012-0611 (T1583.001)
• CVE-2015-2419 (T1091)
• CVE-2016-0189 (T1027.010)
• CVE-2016-4117 (T1091)
• CVE-2017-0001 (T1562.012)
• CVE-2025-31125 (T1183)
• CVE-2025-55183 (T1583.001)
• CVE-2025-66478 (T1098.007)
• CVE-2026-20127 (T1590.006)
• CVE-2026-0723 (T1098.007)
• CVE-2015-8562 (T1562.012)
• CVE-2015-7808 (T1583.001)
• CVE-2015-2854 (T1583.001)
• CVE-2015-7262 (T1562.012)
• CVE-2016-1562 (T1612)
• CVE-2016-6532 (T1612)
• CVE-2017-3212 (T1583.001)
• CVE-2012-1258 (T1030)
• CVE-2014-3153 (T1562.012)
• CVE-2010-2883 (T1583.001)
• CVE-2010-0738 (T1132.002)
• CVE-2014-3393 (T1030)
• CVE-2025-13927 (T1562.012)
• CVE-2026-1102 (T1562.012)
• CVE-2014-4322 (T1059.009)
• CVE-2015-3785 (T1562.012)
• CVE-2015-5897 (T1562.012)
• CVE-2015-3456 (T1590.006)
• CVE-2013-2094 (T1562.012)
• CVE-2016-1990 (T1562.012)
• CVE-2016-1991 (T1562.012)
• CVE-2012-0056 (T1562.012)
• CVE-2014-2273 (T1562.012)
• CVE-2025-13335 (T1562.012)
• CVE-2016-1898 (T1183)
• CVE-2016-1897 (T1183)
• CVE-2016-1287 (T1030)
• CVE-2016-2342 (T1590.006)
• CVE-2014-8439 (T1030)
• CVE-2014-0569 (T1590.006)
• CVE-2015-3113 (T1030)
• CVE-2015-4495 (T1030)
• CVE-2015-5749 (T1132.002)
• CVE-2014-0497 (T1030)
• CVE-2015-1427 (T1132.002)
• CVE-2017-12149 (T1132.002)
• CVE-2014-8361 (T1556.005)

Actor – Pulse グラフ

---

← 脅威アクター一覧に戻る