APT30

APT30 is a threat group suspected to be associated with the Chinese government. ^[1] While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches. ^[2]

ID: G0013

Aliases: APT30

Version: 1.0

Alias Descriptions

Name	Description
APT30	^[1] ^[2]

Software

ID	Name	Techniques
S0031	BACKSPACE	Command-Line Interface, Connection Proxy, Data Obfuscation, Disabling Security Tools, Exfiltration Over Command and Control Channel, File and Directory Discovery, Modify Registry, Multi-Stage Channels, Process Discovery, Query Registry, Registry Run Keys / Startup Folder, Shortcut Modification, Standard Application Layer Protocol, System Information Discovery
S0036	FLASHFLOOD	Data Encrypted, Data from Local System, Data from Removable Media, Data Staged, File and Directory Discovery, Registry Run Keys / Startup Folder
S0034	NETEAGLE	Command-Line Interface, Custom Command and Control Protocol, Exfiltration Over Command and Control Channel, Fallback Channels, File and Directory Discovery, Process Discovery, Registry Run Keys / Startup Folder, Standard Application Layer Protocol, Standard Cryptographic Protocol, Standard Non-Application Layer Protocol
S0028	SHIPSHAPE	Registry Run Keys / Startup Folder, Replication Through Removable Media, Shortcut Modification
S0035	SPACESHIP	Data Encrypted, Data Staged, Exfiltration Over Physical Medium, File and Directory Discovery, Registry Run Keys / Startup Folder, Shortcut Modification

References

FireEye Labs. (2015, April). APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION. Retrieved May 1, 2015.

Baumgartner, K., Golovkin, M.. (2015, May 14). The Naikon APT. Retrieved January 14, 2015.