admin@338

· ATT&CK GroupG0018

Techniques

Software

Tactics

Aliases

Description

admin@338 is a China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs such as PoisonIvy, as well as some non-public backdoors. (Citation: FireEye admin@338)

Tactic Coverage

discovery (7)execution (3)stealth (1)initial access (1)

Techniques Used (12)

T1007System Service Discovery

discovery

T1016System Network Configuration Discovery

discovery

T1036.005Match Legitimate Resource Name or Location

stealth

T1049System Network Connections Discovery

discovery

T1059.003Windows Command Shell

execution

Registration Required

Create a free account to access full Threat Actor Techniques

Showing 5 of 12 results

✓ Personal dashboard✓ Track 1 vendor/product✓ 1 keyword alert✓ Weekly digest✓ 1 CSV export/month

Already have an account? Sign in →

Software Used (7)

S0043BUBBLEWRAPmalware S0042LOWBALLmalware S0039Nettool S0012PoisonIvymalware S0096Systeminfotool S0100ipconfigtool S0104netstattool

References (3)

https://attack.mitre.org/groups/G0018 https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html