← threatfilter.dev / all groups / Ke3chang

Ke3chang

G0004 China Espionage MITRE ATT&CK →

Also known as: APT15 · Mirage · Vixen Panda · GREF · Playful Dragon · RoyalAPT · NICKEL · Nylon Typhoon

Overview

Ke3chang is a threat group attributed to actors operating out of China. Ke3chang has targeted oil, government, diplomatic, military, and NGOs in Central and South America, the Caribbean, Europe, and North America since at least 2010.

Targets

Government

Regions

European Union · Germany · India · United Kingdom

Capabilities

Exploitation of public-facing / client applications — ATT&CK T1190
Custom malware/implant development — ATT&CK: 3 attributed custom malware families

TTPs — 46 techniques across 11 tactics

Resource Development

T1583.005 Botnet
T1587.001 Malware
T1588.002 Tool

Collection

Command and Control

T1071.001 Web Protocols
T1071.004 DNS
T1105 Ingress Tool Transfer

Exfiltration

T1020 Automated Exfiltration
T1041 Exfiltration Over C2 Channel

Tools & malware (11)

Ping · Okrum · Systeminfo · netstat · spwebmember · Mimikatz · Tasklist · MirageFox · Net · Neoichor · ipconfig

Reporting (3)

How Microsoft names threat actors — Microsoft
NICKEL targeting government organizations across Latin America and Europe — MSTIC
MirageFox: APT15 Resurfaces With New Tools Based On Old Ones — Rosenberg, J

Overview

Targets

Regions

Capabilities

TTPs — 46 techniques across 11 tactics

Resource Development

Initial Access

Execution

Persistence

Stealth

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Tools & malware (11)

Reporting (3)