APT16
MISP
Type:
Nation-state
Country:
CN
First seen:
Unknown
Details:
Between November 26, 2015, and December 1, 2015, known and suspected China-based APT groups launched several spear-phishing attacks targeting Japanese and Taiwanese organizations in the high-tech, government services, media and financial services industries. Each campaign delivered a malicious Microsoft Word document exploiting the aforementioned EPS dict copy use-after-free vulnerability, and the local Windows privilege escalation vulnerability CVE-2015-1701. The successful exploitation of both vulnerabilities led to the delivery of either a downloader that we refer to as IRONHALO, or a backdoor that we refer to as ELMER.
MITRE ATT&CK:
Techniques Used (1)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1584.004 | Server | - |
Aliases (210)
SVCMONDR
G0023
Related Malware (1)
Metadata
| ID: | 17 |
| Created: | 13/01/2026 17:48 |
| Updated: | 07/03/2026 04:00 |