APT31
· Published 16/12/2025 19:39 · Modified 29/03/2026 07:37
· Source: The MITRE Corporation
Essential information
- Confidence
- 100/100
- Published
- 16/12/2025 19:39
- Modified
- 29/03/2026 07:37
- Updated at
- 29/03/2026 07:37
- Revoked
- No
- Author / Source
- The MITRE Corporation
- Resource level
- —
- Primary motivation
- —
- Related entities
- 1 reports, 60 attack patterns (mitre), 15 malware, 7 sectors, 2 countries, 66 indicators
Aliases
Violet Typhoon ZIRCONIUM
Description
[ZIRCONIUM](https://attack.mitre.org/groups/G0128) is a threat group operating out of China, active since at least 2017, that has targeted individuals associated with the 2020 US presidential election and prominent leaders in the international affairs community.(Citation: Microsoft Targeting Elections September 2020)(Citation: Check Point APT31 February 2021)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
External references
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
-
22 MITREs 9 Malwares 6 Observables 1 APT
Attack patterns (MITRE) (60)
-
T1027.002 usesSoftware Packing MITRE
-
T1057 usesProcess Discovery MITRE
-
T1059.003 usesWindows Command Shell MITRE
-
T1083 usesFile and Directory Discovery MITRE
-
T1136 usesCreate Account MITRE
-
T1003 usesOS Credential Dumping MITRE
-
T1112 usesModify Registry MITRE
-
T1070.006 usesTimestomp MITRE
-
T1547.001 usesRegistry Run Keys / Startup Folder MITRE
-
T1566.001 usesSpearphishing Attachment MITRE
-
T1587.002 MITRE
-
T1001 usesData Obfuscation MITRE
Malware (15)
-
COFFProxy usesFamily
-
CloudyLoader usesFamily
-
AufTime usesFamily
-
YaRAT uses
-
EvilOSX uses
-
OneDriveDoor usesFamily
-
YaLeak usesFamily
-
LocalPlugx usesFamily
-
DropDoor uses
-
RAWDOOR uses
-
Trochilus usesFamily
-
Rekoobe usesFamily
Sectors (7)
-
Technology targets
-
Judicial power (justice) targets
-
Government targets
-
Finance targets
-
Telco targets
-
Defense targets
-
Research targets
Countries (2)
-
United States of America targets
-
Russian Federation targets
Indicators (66)
-
https://img.spoolsv.cc/seed.phpindicatesstix 100/100 Revoked· Valid until 28/03/2026 · Source: AlienVault -
stix 100/100· Valid until 24/11/2026 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 15/11/2023 · Source: AlienVault
-
stix 100/100 Revoked
#Lowfi:Lua:Mampa:99!ml SHA256 of d1cc0f861f162dfbf9df1493fe861d02b80483f6
· Valid until 15/11/2023 · Source: AlienVault -
stix 100/100 Revoked· Valid until 20/07/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 15/11/2023 · Source: AlienVault
-
https://img.spoolsv.net/seed.phpindicatesstix 100/100 Revoked· Valid until 28/03/2026 · Source: AlienVault -
stix 100/100 Revoked· Valid until 20/07/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 20/07/2025 · Source: AlienVault