BackdoorDiplomacy | APT Profile

Description

[BackdoorDiplomacy](https://attack.mitre.org/groups/G0135) is a cyber espionage threat group that has been active since at least 2017. [BackdoorDiplomacy](https://attack.mitre.org/groups/G0135) has targeted Ministries of Foreign Affairs and telecommunication companies in Africa, Europe, the Middle East, and Asia.(Citation: ESET BackdoorDiplomacy Jun 2021)

Techniques Used (TTPs)

T1027 — Obfuscated Files or Information (defense-evasion)
T1505.003 — Web Shell (persistence)
T1190 — Exploit Public-Facing Application (initial-access)
T1588.002 — Tool (resource-development)
T1036.005 — Match Legitimate Resource Name or Location (defense-evasion)
T1055.001 — Dynamic-link Library Injection (defense-evasion, privilege-escalation)
T1105 — Ingress Tool Transfer (command-and-control)
T1074.001 — Local Data Staging (collection)
T1046 — Network Service Discovery (discovery)
T1049 — System Network Connections Discovery (discovery)
T1120 — Peripheral Device Discovery (discovery)
T1095 — Non-Application Layer Protocol (command-and-control)
T1574.001 — DLL (persistence, privilege-escalation, defense-evasion)
T1588.001 — Malware (resource-development)
T1036.004 — Masquerade Task or Service (defense-evasion)

Total TTPs: 15

Malware & Tools

Malware: China Chopper, Turian

Tools: Mimikatz, NBTscan, QuasarRAT

← Return to Home ← Back to APT Search