APT30

APT30 is a threat group suspected to be associated with the Chinese government. ^[1] While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches. ^[2]

ID: G0013

Version: 1.0

Software

ID	Name	References	Techniques
S0031	BACKSPACE	^[1]	Command-Line Interface, Connection Proxy, Data Obfuscation, Disabling Security Tools, Exfiltration Over Command and Control Channel, File and Directory Discovery, Modify Registry, Multi-Stage Channels, Process Discovery, Query Registry, Registry Run Keys / Startup Folder, Shortcut Modification, Standard Application Layer Protocol, System Information Discovery
S0036	FLASHFLOOD	^[1]	Data Encrypted, Data from Local System, Data from Removable Media, Data Staged, File and Directory Discovery, Registry Run Keys / Startup Folder
S0034	NETEAGLE	^[1]	Command-Line Interface, Custom Command and Control Protocol, Exfiltration Over Command and Control Channel, Fallback Channels, File and Directory Discovery, Process Discovery, Registry Run Keys / Startup Folder, Standard Application Layer Protocol, Standard Cryptographic Protocol, Standard Non-Application Layer Protocol
S0028	SHIPSHAPE	^[1]	Registry Run Keys / Startup Folder, Replication Through Removable Media, Shortcut Modification
S0035	SPACESHIP	^[1]	Data Encrypted, Data Staged, Exfiltration Over Physical Medium, File and Directory Discovery, Registry Run Keys / Startup Folder, Shortcut Modification

References

FireEye Labs. (2015, April). APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION. Retrieved May 1, 2015.

Baumgartner, K., Golovkin, M.. (2015, May 14). The Naikon APT. Retrieved January 14, 2015.