APT19
Aliases: Codoso, C0d0so0, Codoso Team, Sunshop Group
APT19 is a China-based threat group that has targeted a variety of industries, including defense, finance, energy, pharmaceutical, telecommunications, high tech, education, manufacturing, and legal services. In 2017, a phishing campaign was used to target seven law and investment firms. Some analysts track APT19 and Deep Panda as the same group, but it is unclear from open source information whether the groups are the same.
ATT&CK techniques
T1547.001 Registry Run Keys / Startup Folder
T1059.001 PowerShell
T1564.003 Hidden Window
T1016 System Network Configuration Discovery
T1033 System Owner/User Discovery
T1218.011 Rundll32
T1112 Modify Registry
T1189 Drive-by Compromise
T1543.003 Windows Service
T1071.001 Web Protocols
T1059 Command and Scripting Interpreter
T1027.013 Encrypted/Encoded File
T1566.001 Spearphishing Attachment
T1204.002 Malicious File
T1082 System Information Discovery
T1132.001 Standard Encoding
T1588.002 Tool
T1574.002 DLL Side-Loading
T1218.010 Regsvr32
T1140 Deobfuscate/Decode Files or Information
T1027.010 Command Obfuscation