
Ke3chang

Aliases: Ke3chang, APT15, Mirage, Vixen Panda, GREF, Playful Dragon, RoyalAPT, NICKEL, Nylon Typhoon

[Ke3chang](https://attack.mitre.org/groups/G0004) is a threat group attributed to actors operating out of China. [Ke3chang](https://attack.mitre.org/groups/G0004) has targeted oil, government, diplomatic, military, and NGOs in Central and South America, the Caribbean, Europe, and North America since at least 2010.(Citation: Mandiant Operation Ke3chang November 2014)(Citation: NCC Group APT15 Alive and Strong)(Citation: APT15 Intezer June 2018)(Citation: Microsoft NICKEL December 2021)

Techniques: 46
Covered: 45
Gaps: 1
Coverage: 98% (45/46)

COVERED (45)

| Technique | Name | Detections |
|---|---|---|
| T1003.001 | LSASS Memory | 105 |
| T1003.002 | Security Account Manager | 45 |
| T1003.003 | NTDS | 34 |
| T1003.004 | LSA Secrets | 16 |
| T1005 | Data from Local System | 46 |
| T1007 | System Service Discovery | 11 |
| T1016 | System Network Configuration Discovery | 35 |
| T1018 | Remote System Discovery | 46 |
| T1020 | Automated Exfiltration | 17 |
| T1021.002 | SMB/Windows Admin Shares | 67 |
| T1027 | Obfuscated Files or Information | 525 |
| T1033 | System Owner/User Discovery | 59 |
| T1036.002 | Right-to-Left Override | 6 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1041 | Exfiltration Over C2 Channel | 30 |
| T1049 | System Network Connections Discovery | 21 |
| T1056.001 | Keylogging | 4 |
| T1057 | Process Discovery | 18 |
| T1059 | Command and Scripting Interpreter | 462 |
| T1059.003 | Windows Command Shell | 79 |
| T1069.002 | Domain Groups | 42 |
| T1071.001 | Web Protocols | 74 |
| T1071.004 | DNS | 31 |
| T1078 | Valid Accounts | 252 |
| T1078.004 | Cloud Accounts | 149 |
| T1082 | System Information Discovery | 80 |
| T1083 | File and Directory Discovery | 48 |
| T1087.001 | Local Account | 32 |
| T1087.002 | Domain Account | 55 |
| T1105 | Ingress Tool Transfer | 170 |
| T1114.002 | Remote Email Collection | 18 |
| T1119 | Automated Collection | 11 |
| T1133 | External Remote Services | 72 |
| T1140 | Deobfuscate/Decode Files or Information | 55 |
| T1190 | Exploit Public-Facing Application | 208 |
| T1213.002 | Sharepoint | 4 |
| T1543.003 | Windows Service | 79 |
| T1547.001 | Registry Run Keys / Startup Folder | 50 |
| T1558.001 | Golden Ticket | 1 |
| T1560 | Archive Collected Data | 11 |
| T1560.001 | Archive via Utility | 24 |
| T1569.002 | Service Execution | 63 |
| T1587.001 | Malware | 9 |
| T1588.002 | Tool | 13 |
| T1614.001 | System Language Discovery | 2 |