APT17
APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations.[1]
ID: G0025
Aliases: APT17, Deputy Dog
Version: 1.0
Alias Descriptions
Name | Description |
---|---|
APT17 | [1] |
Deputy Dog | [1] |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
PRE-ATT&CK | T1341 | Build social network persona | APT17 posted in forum threads and created profile pages in Microsoft TechNet.[1] |
PRE-ATT&CK | T1342 | Develop social network persona digital footprint | APT17 created biographical sections on TechNet profile pages to appear more legitimate.[1] |
PRE-ATT&CK | T1331 | Obfuscate infrastructure | APT17 obfuscated infrastructure using a multi-layered malware beaconing approach.[1] |
Software
ID | Name | Techniques |
---|---|---|
S0069 | BLACKCOFFEE | Command-Line Interface, File and Directory Discovery, File Deletion, Multi-Stage Channels, Process Discovery, Web Service |