Between November 26, 2015, and December 1, 2015, known and suspected China-based APT groups launched several spear-phishing attacks targeting Japanese and Taiwanese organizations in the high-tech, government services, media and financial services industries. Each campaign delivered a malicious Microsoft Word document exploiting the EPS dict copy use-after-free vulnerability and the local Windows privilege escalation vulnerability CVE-2015-1701. Successful exploitation of both vulnerabilities led to the delivery of either a downloader that we refer to as IRONHALO or a backdoor that we refer to as ELMER.
There are currently no families associated with this actor.
References:

2022-08-04 - Mandiant - "Advanced Persistent Threats (APTs)" - tags: APT1, APT10, APT12, APT14, APT15, APT16, APT17, APT18, APT19, APT2, APT20, APT21, APT22, APT23, APT24, APT27, APT3, APT30, APT31, APT4, APT40, APT5, APT9, Naikon
2019-01-01 - Council on Foreign Relations - "APT 16" - tags: APT16
2017-05-31 - MITRE - "APT16" - tags: ELMER, APT16
2016-05-25 - Kaspersky Labs - "CVE-2015-2545: overview of current threats" - tags: APT16, Danti
2015-12-16 - FireEye - "The EPS Awakens" - tags: IRONHALO, APT16