← Back to Actors
Ke3chang
Ke3changAPT15MirageVixen PandaGREFPlayful DragonRoyalAPTNICKELNylon Typhoon
[Ke3chang](https://attack.mitre.org/groups/G0004) is a threat group attributed to actors operating out of China. [Ke3chang](https://attack.mitre.org/groups/G0004) has targeted oil, government, diplomatic, military, and NGOs in Central and South America, the Caribbean, Europe, and North America since at least 2010.(Citation: Mandiant Operation Ke3chang November 2014)(Citation: NCC Group APT15 Alive and Strong)(Citation: APT15 Intezer June 2018)(Citation: Microsoft NICKEL December 2021)
46
Techniques
45
Covered
1
Gaps
98%
Coverage
Coverage45/46
GAPS (1)
COVERED (45)
T1003.001LSASS Memory111 det.T1003.002Security Account Manager49 det.T1003.003NTDS36 det.T1003.004LSA Secrets18 det.T1005Data from Local System47 det.T1007System Service Discovery15 det.T1016System Network Configuration Discovery40 det.T1018Remote System Discovery51 det.T1020Automated Exfiltration20 det.T1021.002SMB/Windows Admin Shares74 det.T1027Obfuscated Files or Information606 det.T1033System Owner/User Discovery61 det.T1036.002Right-to-Left Override6 det.T1036.005Match Legitimate Resource Name or Location45 det.T1041Exfiltration Over C2 Channel32 det.T1049System Network Connections Discovery22 det.T1056.001Keylogging4 det.T1057Process Discovery21 det.T1059Command and Scripting Interpreter514 det.T1059.003Windows Command Shell83 det.T1069.002Domain Groups44 det.T1071.001Web Protocols81 det.T1071.004DNS35 det.T1078Valid Accounts297 det.T1078.004Cloud Accounts183 det.T1082System Information Discovery86 det.T1083File and Directory Discovery48 det.T1087.001Local Account33 det.T1087.002Domain Account57 det.T1105Ingress Tool Transfer184 det.T1114.002Remote Email Collection18 det.T1119Automated Collection12 det.T1133External Remote Services74 det.T1140Deobfuscate/Decode Files or Information58 det.T1190Exploit Public-Facing Application227 det.T1213.002Sharepoint4 det.T1543.003Windows Service79 det.T1547.001Registry Run Keys / Startup Folder53 det.T1558.001Golden Ticket2 det.T1560Archive Collected Data12 det.T1560.001Archive via Utility26 det.T1569.002Service Execution64 det.T1587.001Malware10 det.T1588.002Tool13 det.T1614.001System Language Discovery2 det.