Ke3chang

G0004 · China · Espionage · MITRE ATT&CK

Also known as: APT15 · Mirage · Vixen Panda · GREF · Playful Dragon · RoyalAPT · NICKEL · Nylon Typhoon

Overview

Ke3chang is a threat group attributed to actors operating out of China. It has targeted the oil, government, diplomatic, and military sectors, as well as NGOs, in Central and South America, the Caribbean, Europe, and North America since at least 2010.

Targets

Government

Regions

European Union · Germany · India · United Kingdom

Capabilities

  • Exploitation of public-facing / client applications — ATT&CK T1190
  • Custom malware/implant development — ATT&CK: 3 attributed custom malware families

TTPs — 46 techniques across 11 tactics

Resource Development

Initial Access

Credential Access

Lateral Movement

Command and Control

Tools & malware (11)

Ping · Okrum · Systeminfo · netstat · spwebmember · Mimikatz · Tasklist · MirageFox · Net · Neoichor · ipconfig

Reporting (3)