APT17
APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. [1]
ID: G0025
Aliases: APT17, Deputy Dog
Version: 1.0
Alias Descriptions
| Name | Description |
|---|---|
| APT17 | [1] |
| Deputy Dog | [1] |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| PRE-ATT&CK | T1341 | Build social network persona | APT17 posted in forum threads and created profile pages in Microsoft TechNet.[1] |
| PRE-ATT&CK | T1342 | Develop social network persona digital footprint | APT17 created biographical sections on TechNet profile pages to appear more legitimate.[1] |
| PRE-ATT&CK | T1331 | Obfuscate infrastructure | APT17 obfuscated infrastructure using a multi-layered malware beaconing approach. [1] |
Software
| ID | Name | Techniques |
|---|---|---|
| S0069 | BLACKCOFFEE | Command-Line Interface, File and Directory Discovery, File Deletion, Multi-Stage Channels, Process Discovery, Web Service |