APT3
Aliases: Gothic Panda, Pirpi, UPS Team, Buckeye, Threat Group-0110, TG-0110
APT3 is a China-based threat group that researchers have attributed to China's Ministry of State Security. This group is responsible for the campaigns known as Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap. As of June 2015, the group appears to have shifted from targeting primarily US victims to primarily political organizations in Hong Kong.
ATT&CK techniques
T1053.005 Scheduled Task
T1104 Multi-Stage Channels
T1110.002 Password Cracking
T1564.003 Hidden Window
T1555.003 Credentials from Web Browsers
T1059.003 Windows Command Shell
T1016 System Network Configuration Discovery
T1049 System Network Connections Discovery
T1090.002 External Proxy
T1218.011 Rundll32
T1027 Obfuscated Files or Information
T1566.002 Spearphishing Link
T1098.007 Additional Local or Domain Groups
T1204.001 Malicious Link
T1041 Exfiltration Over C2 Channel
T1552.001 Credentials In Files
T1074.001 Local Data Staging
T1078.002 Domain Accounts
T1005 Data from Local System
T1203 Exploitation for Client Execution
T1021.002 SMB/Windows Admin Shares
T1574.002 DLL Side-Loading
T1087.001 Local Account
T1070.004 File Deletion
T1083 File and Directory Discovery
T1546.008 Accessibility Features
T1560.001 Archive via Utility
T1082 System Information Discovery
T1059.001 PowerShell
T1543.003 Windows Service
T1003.001 LSASS Memory
T1547.001 Registry Run Keys / Startup Folder
T1021.001 Remote Desktop Protocol
T1057 Process Discovery
T1095 Non-Application Layer Protocol
T1069 Permission Groups Discovery
T1018 Remote System Discovery
T1056.001 Keylogging
T1036.010 Masquerade Account Name
T1027.002 Software Packing
T1136.001 Local Account
T1105 Ingress Tool Transfer
T1033 System Owner/User Discovery
T1027.005 Indicator Removal from Tools