
Ke3chang

Ke3chang, APT15, Mirage, Vixen Panda, GREF, Playful Dragon, RoyalAPT, NICKEL, Nylon Typhoon

[Ke3chang](https://attack.mitre.org/groups/G0004) is a threat group attributed to actors operating out of China. [Ke3chang](https://attack.mitre.org/groups/G0004) has targeted oil, government, diplomatic, and military organizations, as well as NGOs, in Central and South America, the Caribbean, Europe, and North America since at least 2010. (Citation: Mandiant Operation Ke3chang November 2014) (Citation: NCC Group APT15 Alive and Strong) (Citation: APT15 Intezer June 2018) (Citation: Microsoft NICKEL December 2021)

Techniques: 46
Covered: 45
Gaps: 1
Coverage: 98% (45/46)

COVERED (45)

| Technique | Name | Detections |
|---|---|---|
| T1003.001 | LSASS Memory | 111 |
| T1003.002 | Security Account Manager | 49 |
| T1003.003 | NTDS | 36 |
| T1003.004 | LSA Secrets | 18 |
| T1005 | Data from Local System | 47 |
| T1007 | System Service Discovery | 15 |
| T1016 | System Network Configuration Discovery | 39 |
| T1018 | Remote System Discovery | 50 |
| T1020 | Automated Exfiltration | 20 |
| T1021.002 | SMB/Windows Admin Shares | 73 |
| T1027 | Obfuscated Files or Information | 561 |
| T1033 | System Owner/User Discovery | 61 |
| T1036.002 | Right-to-Left Override | 6 |
| T1036.005 | Match Legitimate Resource Name or Location | 44 |
| T1041 | Exfiltration Over C2 Channel | 31 |
| T1049 | System Network Connections Discovery | 22 |
| T1056.001 | Keylogging | 4 |
| T1057 | Process Discovery | 20 |
| T1059 | Command and Scripting Interpreter | 486 |
| T1059.003 | Windows Command Shell | 82 |
| T1069.002 | Domain Groups | 44 |
| T1071.001 | Web Protocols | 80 |
| T1071.004 | DNS | 34 |
| T1078 | Valid Accounts | 280 |
| T1078.004 | Cloud Accounts | 167 |
| T1082 | System Information Discovery | 86 |
| T1083 | File and Directory Discovery | 48 |
| T1087.001 | Local Account | 33 |
| T1087.002 | Domain Account | 57 |
| T1105 | Ingress Tool Transfer | 183 |
| T1114.002 | Remote Email Collection | 18 |
| T1119 | Automated Collection | 12 |
| T1133 | External Remote Services | 72 |
| T1140 | Deobfuscate/Decode Files or Information | 58 |
| T1190 | Exploit Public-Facing Application | 216 |
| T1213.002 | Sharepoint | 4 |
| T1543.003 | Windows Service | 79 |
| T1547.001 | Registry Run Keys / Startup Folder | 53 |
| T1558.001 | Golden Ticket | 2 |
| T1560 | Archive Collected Data | 12 |
| T1560.001 | Archive via Utility | 26 |
| T1569.002 | Service Execution | 64 |
| T1587.001 | Malware | 10 |
| T1588.002 | Tool | 13 |
| T1614.001 | System Language Discovery | 2 |