Description
[APT18](https://attack.mitre.org/groups/G0026) is a threat group that has operated since at least 2009 and has targeted a range of industries, including technology, manufacturing, human rights groups, government, and medical. (Citation: Dell Lateral Movement)
Techniques Used (TTPs)
- T1078 — Valid Accounts (defense-evasion, persistence, privilege-escalation, initial-access)
- T1027.013 — Encrypted/Encoded File (defense-evasion)
- T1133 — External Remote Services (persistence, initial-access)
- T1070.004 — File Deletion (defense-evasion)
- T1053.002 — At (execution, persistence, privilege-escalation)
- T1105 — Ingress Tool Transfer (command-and-control)
- T1071.004 — DNS (command-and-control)
- T1082 — System Information Discovery (discovery)
- T1071.001 — Web Protocols (command-and-control)
- T1083 — File and Directory Discovery (discovery)
- T1059.003 — Windows Command Shell (execution)
- T1547.001 — Registry Run Keys / Startup Folder (persistence, privilege-escalation)
Total TTPs: 12
Malware & Tools
Malware: HTTPBrowser, Pisloader, gh0st RAT, hcdLoader
Tools: cmd