Ke3chang

OriginChina

Techniques (MITRE ATT&CK)46

SourceMITRE ATT&CK

Also known as:APT15MirageVixen PandaGREFPlayful DragonRoyalAPTNICKELNylon Typhoon

Vexday analysis

Ke3chang é um grupo de ameaça persistente avançada (APT) atribuído a atores com origem na China, rastreado pelo MITRE ATT&CK sob o identificador G0004 e também conhecido pelos aliases APT15, Mirage, Vixen Panda, GREF, Playful Dragon e RoyalAPT. O grupo tem como alvos organizações dos setores de petróleo, governo, diplomacia, militar e ONGs na América Central e do Sul, no Caribe, na Europa e na América do Norte, com atividade documentada desde pelo menos 2010. Ao grupo são atribuídas 46 técnicas no framework MITRE ATT&CK e a exploração de 2 CVEs conhecidas.

Techniques (MITRE ATT&CK) 46

How the group operates, mapped to the MITRE ATT&CK matrix and organized by the phases of an attack.

Resource development

Botnet Malware Tool

Initial access

Exploit Public-Facing Application

Execution

Command and Scripting Interpreter Windows Command Shell Service Execution

Persistence

External Remote Services Windows Service Registry Run Keys / Startup Folder

Credential access

LSASS Memory Security Account Manager NTDS LSA Secrets Golden Ticket

Discovery

System Service Discovery System Network Configuration Discovery Remote System Discovery System Owner/User Discovery System Network Connections Discovery Process Discovery Domain Groups System Information Discovery File and Directory Discovery Local Account Domain Account System Language Discovery

Lateral movement

SMB/Windows Admin Shares

Collection

Data from Local System Keylogging Remote Email Collection Automated Collection Sharepoint Archive Collected Data Archive via Utility

Command and control

Web Protocols DNS Ingress Tool Transfer

Exfiltration

Automated Exfiltration Exfiltration Over C2 Channel

stealth

Obfuscated Files or Information Right-to-Left Override Match Legitimate Resource Name or Location Valid Accounts Cloud Accounts Deobfuscate/Decode Files or Information

Exploited vulnerabilities 2

CVEs this group is known to exploit, per MITRE ATT&CK. Ordered by real-world severity.

CVE-2014-7169CRITICALEPSS 100%KEV CVE-2016-6662EPSS 68%

Ke3chang uses real techniques and exploits real flaws. TrueHacking's AI Autonomous Pentest simulates these attacks against your infrastructure and brings more security to your application.

Explore the AI Autonomous Pentest →