Adversary | APT19

Updated: Apr 3, 2021


Also Known As

Shell Crew | Deep Panda | WebMasters | KungFu Kittens | Black Vine | Group 13 | PinkPanther | Sh3llCr3w | Bronze Firestone





Origin

China


Target Countries

Argentina | Australia | Austria | Belgium | Brazil | Canada | Chile | Colombia | Congo | Europe | France | Germany | Ghana | Hungary | India | Indonesia | Italy | Japan | Latvia | Malaysia | Mexico | Middle East North Africa (MENA) | Myanmar | Netherlands | Poland | Portugal | Russian Federation | Singapore | South Africa | South Korea | South East Asia | Spain | Taiwan | United Kingdom | United States | Vietnam | Western Europe


Targeted Verticals

Education

Critical Infrastructure

Financial Services

Government | Military

Telecommunications


MITRE TTPs

Application Layer Protocol: Web Protocols

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder

Command and Scripting Interpreter

Command and Scripting Interpreter: PowerShell

Create or Modify System Process: Windows Service

Data Encoding: Standard Encoding

Deobfuscate/Decode Files or Information

Drive-by Compromise

Hide Artifacts: Hidden Window

Hijack Execution Flow: DLL Side-Loading

Modify Registry

Obfuscated Files or Information

Phishing: Spearphishing Attachment

Signed Binary Proxy Execution: Regsvr32

Signed Binary Proxy Execution: Rundll32

System Information Discovery

System Network Configuration Discovery

System Owner/User Discovery

User Execution: Malicious File
