## APT16 **attack.mitre.org/groups/G0023** 1. [Home](https://attack.mitre.org/) 2. [Groups](https://attack.mitre.org/groups/) 3. APT16 [APT16 is a China-based threat group that has launched spearphishing campaigns targeting](https://attack.mitre.org/groups/G0023) [Japanese and Taiwanese organizations. [1]](https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html) ### ID: G0023 Version: 1.1 Created: 31 May 2017 Last Modified: 12 October 2020 [Version Permalink](https://attack.mitre.org/versions/v11/groups/G0023/) [Live Version](https://attack.mitre.org/versions/v11/groups/G0023/) Enterprise Layer # download view ### Techniques Used **Domain** **ID** **Name** **Use** Enterprise [T1584](https://attack.mitre.org/techniques/T1584) [.004](https://attack.mitre.org/techniques/T1584/004) Compromise [APT16 has compromised otherwise](https://attack.mitre.org/groups/G0023) Infrastructure: legitimate sites as staging servers for [Server](https://attack.mitre.org/techniques/T1584/004) [second-stage payloads.[1]](https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html) ### Software |Domain|ID|Name|Use|Col5| |---|---|---|---|---| |Enterprise|T1584|.004|Compromise Infrastructure: Server|APT16 has compromised otherwise legitimate sites as staging servers for second-stage payloads.[1]| ----- **IDID** **NameName** **ReferencesReferences** **TechniquesTechniques** [[1]](https://www.fireeye.com/blog/threat-research/2015/12/the-eps-awakens-part-two.html) [S0064](https://attack.mitre.org/software/S0064) [ELMER](https://attack.mitre.org/software/S0064) [Application Layer Protocol:](https://attack.mitre.org/techniques/T1071) [Web Protocols,](https://attack.mitre.org/techniques/T1071/001) Commonly Used Port, [File and Directory Discovery,](https://attack.mitre.org/techniques/T1083) Process Discovery ### References 1. Winters, R.. (2015, December 20). The EPS Awakens - Part 2. Retrieved January 22, 2016. |S0064|ELMER|[1]|Application Layer Protocol: Web Protocols, Commonly Used Port, File and Directory Discovery, Process Discovery| |---|---|---|---| -----