Introduction
APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. [1][4]
Activities and Tactics
Targeted Sectors: Defense, Intelligence, Technology, Mining, Government, Administration, Justice, Private sector, Civil society
Country of Origin: China
Risk Level: High
First Seen: 2013
Last Activity: 2018
Incident Type: Espionage
Suspected Victims: United States, Netherlands, Italy, Japan, United Kingdom, Belgium, Russia, Indonesia, Germany, Switzerland…
Notable Campaigns
- Ephemeral Hydra
Tactics, Techniques, and Procedures (TTPs)
ATT&CK technique IDs (denormalized)
No technique IDs are listed in this profile.
Notable Indicators of Compromise (IOCs)
No atomic indicators are listed in this profile. The APTnotes snapshot indexes 3 public reports that may contain IOCs; see Source Attribution for dataset links.
Malware and Tools
- China Chopper (web shell)
- BLACKCOFFEE (backdoor; the C2 obfuscation technique exposed in [4] concerns this family)
- WEBCnC
- Joy RAT
- PlugX (remote access trojan)
- Trojan.Naid
- Backdoor.Moudoor
- Backdoor.Vasport
- Backdoor.Boda
- Trojan.Hydraq
- ZxShell
- Sakula
- DestroyRAT
MITRE ATT&CK Software
Attribution and Evidence
Country of Origin: China
Additional attribution information pending cataloguing.
References
[1] MITRE ATT&CK. APT17 group profile.
[4] FireEye Labs/FireEye Threat Intelligence. (2015, May 14). Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic. Retrieved November 17, 2024.