APT3

APT / StateG0022
OriginChina
Techniques (MITRE ATT&CK)44
SourceMITRE ATT&CK
Also known as:Gothic PandaPirpiUPS TeamBuckeyeThreat Group-0110TG-0110

Vexday analysis

APT3 é um grupo de ameaça persistente avançada de origem chinesa (identificador MITRE ATT&CK: G0022), atribuído ao Ministério de Segurança do Estado da China por pesquisadores da área. O grupo é responsável pelas campanhas conhecidas como Operation Clandestine Fox, Operation Clandestine Wolf e Operation Double Tap, tendo deslocado seu foco, a partir de junho de 2015, de vítimas predominantemente norte-americanas para organizações políticas em Hong Kong. Também rastreado pelos aliases Gothic Panda, Pirpi, UPS Team, Buckeye, Threat Group-0110 e TG-0110, o grupo possui 44 técnicas documentadas no MITRE ATT&CK e tem 2 CVEs atribuídas à sua atuação.

Techniques (MITRE ATT&CK) 44

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Initial access
Spearphishing Link
Execution
Scheduled TaskPowerShellWindows Command ShellExploitation for Client ExecutionMalicious Link
Persistence
Additional Local or Domain GroupsLocal AccountWindows ServiceRegistry Run Keys / Startup Folder
Privilege escalation
Accessibility Features
Credential access
LSASS MemoryPassword CrackingCredentials In FilesCredentials from Web Browsers
Discovery
System Network Configuration DiscoveryRemote System DiscoverySystem Owner/User DiscoverySystem Network Connections DiscoveryProcess DiscoveryPermission Groups DiscoverySystem Information DiscoveryFile and Directory DiscoveryLocal Account
Lateral movement
Remote Desktop ProtocolSMB/Windows Admin Shares
Collection
Data from Local SystemKeyloggingLocal Data StagingArchive via Utility
Command and control
External ProxyNon-Application Layer ProtocolMulti-Stage ChannelsIngress Tool Transfer
Exfiltration
Exfiltration Over C2 Channel
stealth
Obfuscated Files or InformationSoftware PackingIndicator Removal from ToolsMasquerade Account NameFile DeletionDomain AccountsRundll32Hidden WindowDLL

Exploited vulnerabilities 2

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2015-3113HIGHEPSS 100%KEVCVE-2014-1776CRITICALEPSS 88%KEV

APT3 uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →