JUST RELEASED: ATT&CK for Industrial Control Systems
GROUPS
GROUPS
A-B
C-D
E-F
G-H
I-J
No groups
K-L
M-N
O-P
Q-R
S-T
U-V
No groups
W-X
Y-Z
No groups
  1. Home
  2. Groups
  3. APT17

APT17

APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. [1]

ID: G0025
Associated Groups: Deputy Dog
Version: 1.0
Created: 31 May 2017
Last Modified: 22 March 2019

Associated Group Descriptions

Name Description
Deputy Dog [1]

Techniques Used

Domain ID Name Use
PRE-ATT&CK T1341 Build social network persona

APT17 posted in forum threads and created profile pages in Microsoft TechNet.[1]
PRE-ATT&CK T1342 Develop social network persona digital footprint

APT17 created biographical sections on TechNet profile pages to appear more legitimate.[1]
PRE-ATT&CK T1331 Obfuscate infrastructure

APT17 obfuscated infrastructure using a multi-layered malware beaconing approach.[1]

Software

ID Name References Techniques
S0069 BLACKCOFFEE [1] Command-Line Interface, File and Directory Discovery, File Deletion, Multi-Stage Channels, Process Discovery, Web Service

References

  1. FireEye Labs/FireEye Threat Intelligence. (2015, May 14). Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic. Retrieved January 22, 2016.