Check out the results from our first round of ATT&CK Evaluations at attackevals.mitre.org!
GROUPS Overview admin@338 APT1 APT12 APT16 APT17 APT18 APT19 APT28 APT29 APT3 APT30 APT32 APT33 APT37 Axiom BlackOasis BRONZE BUTLER Carbanak Charming Kitten Cleaver Cobalt Group CopyKittens Dark Caracal Darkhotel DarkHydrus Deep Panda Dragonfly Dragonfly 2.0 DragonOK Dust Storm Elderwood Equation FIN10 FIN5 FIN6 FIN7 FIN8 Gamaredon Group GCMAN Gorgon Group Group5 Honeybee Ke3chang Lazarus Group Leafminer Leviathan Lotus Blossom Magic Hound menuPass Moafee Molerats MuddyWater Naikon NEODYMIUM Night Dragon OilRig Orangeworm Patchwork PittyTiger PLATINUM Poseidon Group PROMETHIUM Putter Panda Rancor RTM Sandworm Team Scarlet Mimic Sowbug Stealth Falcon Strider Suckfly TA459 Taidoor Threat Group-1314 Threat Group-3390 Thrip Turla Winnti Group
  1. Home
  2. Groups
  3. APT30

APT30

APT30 is a threat group suspected to be associated with the Chinese government. [1] While Naikon shares some characteristics with APT30, the two groups do not appear to be exact matches. [2]

ID: G0013
Aliases: APT30
Version: 1.0

Alias Descriptions

NameDescription
APT30[1] [2]

Software

IDNameTechniques
S0031BACKSPACECommand-Line Interface, Connection Proxy, Data Obfuscation, Disabling Security Tools, Exfiltration Over Command and Control Channel, File and Directory Discovery, Modify Registry, Multi-Stage Channels, Process Discovery, Query Registry, Registry Run Keys / Startup Folder, Shortcut Modification, Standard Application Layer Protocol, System Information Discovery
S0036FLASHFLOODData Encrypted, Data from Local System, Data from Removable Media, Data Staged, File and Directory Discovery, Registry Run Keys / Startup Folder
S0034NETEAGLECommand-Line Interface, Custom Command and Control Protocol, Exfiltration Over Command and Control Channel, Fallback Channels, File and Directory Discovery, Process Discovery, Registry Run Keys / Startup Folder, Standard Application Layer Protocol, Standard Cryptographic Protocol, Standard Non-Application Layer Protocol
S0028SHIPSHAPERegistry Run Keys / Startup Folder, Replication Through Removable Media, Shortcut Modification
S0035SPACESHIPData Encrypted, Data Staged, Exfiltration Over Physical Medium, File and Directory Discovery, Registry Run Keys / Startup Folder, Shortcut Modification

References

  1. FireEye Labs. (2015, April). APT30 AND THE MECHANICS OF A LONG-RUNNING CYBER ESPIONAGE OPERATION. Retrieved May 1, 2015.
  1. Baumgartner, K., Golovkin, M.. (2015, May 14). The Naikon APT. Retrieved January 14, 2015.