Aquatic Panda

[Aquatic Panda](https://attack.mitre.org/groups/G0143) is a suspected China-based threat group with a dual mission of intelligence collection and industrial espionage. Active since at least May 2020, [Aquatic Panda](https://attack.mitre.org/groups/G0143) has primarily targeted entities in the telecommunications, technology, and government sectors.(Citation: CrowdStrike AQUATIC PANDA December 2021)

Techniques

Covered

Gaps

100%

Coverage

Coverage35/35

COVERED (35)

T1003.001LSASS Memory105 det.T1005Data from Local System46 det.T1007System Service Discovery11 det.T1021Remote Services94 det.T1021.001Remote Desktop Protocol51 det.T1021.002SMB/Windows Admin Shares67 det.T1021.004SSH31 det.T1027.010Command Obfuscation31 det.T1033System Owner/User Discovery59 det.T1036.004Masquerade Task or Service7 det.T1036.005Match Legitimate Resource Name or Location44 det.T1047Windows Management Instrumentation85 det.T1059.001PowerShell338 det.T1059.003Windows Command Shell79 det.T1059.004Unix Shell149 det.T1070.001Clear Windows Event Logs15 det.T1070.003Clear Command History14 det.T1070.004File Deletion40 det.T1078.002Domain Accounts26 det.T1082System Information Discovery80 det.T1087Account Discovery40 det.T1105Ingress Tool Transfer170 det.T1112Modify Registry197 det.T1218.011Rundll3273 det.T1518.001Security Software Discovery8 det.T1543.003Windows Service79 det.T1550.002Pass the Hash9 det.T1560.001Archive via Utility24 det.T1562.001Disable or Modify Tools300 det.T1574.001DLL106 det.T1574.006Dynamic Linker Hijacking24 det.T1588.001Malware2 det.T1588.002Tool13 det.T1595.002Vulnerability Scanning12 det.T1654Log Enumeration1 det.