APT17

APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. [1]

ID: G0025
Aliases: APT17, Deputy Dog
Version: 1.0

Alias Descriptions

Name       | Description
APT17      | [1]
Deputy Dog | [1]

Techniques Used

Domain     | ID    | Name                                            | Use
PRE-ATT&CK | T1341 | Build social network persona                    | APT17 posted in forum threads and created profile pages in Microsoft TechNet. [1]
PRE-ATT&CK | T1342 | Develop social network persona digital footprint | APT17 created biographical sections on TechNet profile pages to appear more legitimate. [1]
PRE-ATT&CK | T1331 | Obfuscate infrastructure                        | APT17 obfuscated infrastructure using a multi-layered malware beaconing approach. [1]

Software

ID    | Name        | Techniques
S0069 | BLACKCOFFEE | Command-Line Interface, File and Directory Discovery, File Deletion, Multi-Stage Channels, Process Discovery, Web Service

References