Aquatic Panda

[Aquatic Panda](https://attack.mitre.org/groups/G0143) is a suspected China-based threat group with a dual mission of intelligence collection and industrial espionage. Active since at least May 2020, [Aquatic Panda](https://attack.mitre.org/groups/G0143) has primarily targeted entities in the telecommunications, technology, and government sectors.(Citation: CrowdStrike AQUATIC PANDA December 2021)

Techniques

Covered

Gaps

100%

Coverage

Coverage37/37

COVERED (37)

T1003.001LSASS Memory111 det.T1005Data from Local System47 det.T1007System Service Discovery15 det.T1021Remote Services101 det.T1021.001Remote Desktop Protocol53 det.T1021.002SMB/Windows Admin Shares73 det.T1021.004SSH34 det.T1027.010Command Obfuscation38 det.T1033System Owner/User Discovery61 det.T1036.004Masquerade Task or Service7 det.T1036.005Match Legitimate Resource Name or Location44 det.T1047Windows Management Instrumentation87 det.T1059.001PowerShell368 det.T1059.003Windows Command Shell82 det.T1059.004Unix Shell155 det.T1070.001Clear Windows Event Logs16 det.T1070.003Clear Command History15 det.T1070.004File Deletion42 det.T1078.002Domain Accounts28 det.T1082System Information Discovery86 det.T1087Account Discovery50 det.T1105Ingress Tool Transfer183 det.T1112Modify Registry203 det.T1218.011Rundll3275 det.T1518.001Security Software Discovery10 det.T1543.003Windows Service79 det.T1550.002Pass the Hash10 det.T1560.001Archive via Utility26 det.T1562.001Disable or Modify Tools311 det.T1574.001DLL109 det.T1574.006Dynamic Linker Hijacking24 det.T1588.001Malware2 det.T1588.002Tool13 det.T1595.002Vulnerability Scanning12 det.T1654Log Enumeration1 det.T1685Disable or Modify Tools278 det.T1685.005Clear Windows Event Logs11 det.