APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. [1]

ID: G0025
Associated Groups: Deputy Dog
Version: 1.0

Associated Group Descriptions

Name | Description
Deputy Dog | [1]

Techniques Used

Domain | ID | Name | Use
PRE-ATT&CK | T1341 | Build social network persona | APT17 posted in forum threads and created profile pages in Microsoft TechNet. [1]
PRE-ATT&CK | T1342 | Develop social network persona digital footprint | APT17 created biographical sections on TechNet profile pages to appear more legitimate. [1]
PRE-ATT&CK | T1331 | Obfuscate infrastructure | APT17 obfuscated infrastructure using a multi-layered malware beaconing approach. [1]

Software

ID | Name | References | Techniques
S0069 | BLACKCOFFEE | [1] | Command-Line Interface, File and Directory Discovery, File Deletion, Multi-Stage Channels, Process Discovery, Web Service