APT18

G0026 China Espionage MITRE ATT&CK →

Also known as: TG-0416 · Dynamite Panda · Threat Group-0416

Overview

APT18 is a threat group that has operated since at least 2009 and has targeted a range of industries, including technology, manufacturing, human rights groups, government, and medical.

Targets

Aerospace · Civil society · Defense · Government · Healthcare · High-Tech · Private sector · Telecommunications

Regions

United States

Capabilities

Custom malware/implant development — ATT&CK: 4 attributed custom malware families

TTPs — 12 techniques across 5 tactics

Execution

T1053.002 At
T1059.003 Windows Command Shell

Tools & malware (5)

hcdLoader · gh0st RAT · cmd · Pisloader · HTTPBrowser

Reporting (3)

Evasive Maneuvers by the Wekby group with custom ROP-packing and DNS covert channels — Shelmire, A
Evasive Maneuvers — Shelmire, A.
Where you AT?: Indicators of lateral movement using at.exe on Windows 7 systems — Carvey, H.

Overview

Targets

Regions

Capabilities

TTPs — 12 techniques across 5 tactics

Execution

Persistence

Stealth

Discovery

Command and Control

Tools & malware (5)

Reporting (3)