admin@338
Aliases: None listed
admin@338 is a China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs such as PoisonIvy, as well as some non-public backdoors.
ATT&CK techniques
T1566.001 - Spearphishing Attachment
T1016 - System Network Configuration Discovery
T1036.005 - Match Legitimate Name or Location
T1083 - File and Directory Discovery
T1069.001 - Local Groups
T1049 - System Network Connections Discovery
T1087.001 - Local Account
T1203 - Exploitation for Client Execution
T1007 - System Service Discovery
T1204.002 - Malicious File
T1082 - System Information Discovery
T1059.003 - Windows Command Shell