Description
[APT1](https://attack.mitre.org/groups/G0006) is a Chinese threat group that has been attributed to the 2nd Bureau of the People’s Liberation Army (PLA) General Staff Department’s (GSD) 3rd Department, commonly known by its Military Unit Cover Designator (MUCD) as Unit 61398. (Citation: Mandiant APT1)
Techniques Used (TTPs)
- T1003.001 — LSASS Memory (credential-access)
- T1057 — Process Discovery (discovery)
- T1005 — Data from Local System (collection)
- T1550.002 — Pass the Hash (defense-evasion, lateral-movement)
- T1583.001 — Domains (resource-development)
- T1560.001 — Archive via Utility (collection)
- T1119 — Automated Collection (collection)
- T1114.002 — Remote Email Collection (collection)
- T1566.002 — Spearphishing Link (initial-access)
- T1016 — System Network Configuration Discovery (discovery)
- T1114.001 — Local Email Collection (collection)
- T1588.001 — Malware (resource-development)
- T1049 — System Network Connections Discovery (discovery)
- T1585.002 — Email Accounts (resource-development)
- T1584.001 — Domains (resource-development)
- T1036.005 — Match Legitimate Resource Name or Location (defense-evasion)
- T1087.001 — Local Account (discovery)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1135 — Network Share Discovery (discovery)
- T1059.003 — Windows Command Shell (execution)
- T1588.002 — Tool (resource-development)
- T1007 — System Service Discovery (discovery)
- T1021.001 — Remote Desktop Protocol (lateral-movement)
Total TTPs: 23