APT17

APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. [1]

ID: G0025
Version: 1.0

Associated Group Descriptions

Name | Description
Deputy Dog | [1]

Techniques Used

Domain | ID | Name | Use
PRE-ATT&CK | T1341 | Build social network persona | APT17 posted in forum threads and created profile pages in Microsoft TechNet. [1]
PRE-ATT&CK | T1342 | Develop social network persona digital footprint | APT17 created biographical sections on TechNet profile pages to appear more legitimate. [1]
PRE-ATT&CK | T1331 | Obfuscate infrastructure | APT17 obfuscated infrastructure using a multi-layered malware beaconing approach. [1]

Software

ID | Name | References | Techniques
S0069 | BLACKCOFFEE | [1] | Command-Line Interface, File and Directory Discovery, File Deletion, Multi-Stage Channels, Process Discovery, Web Service

References