EXPLORE
← Back to Actors

Threat Group-3390

Threat Group-3390Earth SmilodonTG-3390Emissary PandaBRONZE UNIONAPT27Iron TigerLuckyMouseLinen Typhoon

[Threat Group-3390](https://attack.mitre.org/groups/G0027) is a Chinese threat group that has extensively used strategic Web compromises to target victims.(Citation: Dell TG-3390) The group has been active since at least 2010 and has targeted organizations in the aerospace, government, defense, technology, energy, manufacturing and gambling/betting sectors.(Citation: SecureWorks BRONZE UNION June 2017)(Citation: Securelist LuckyMouse June 2018)(Citation: Trend Micro DRBControl February 2020)

58
Techniques
56
Covered
2
Gaps
97%
Coverage
Coverage56/58

COVERED (56)

T1003.001LSASS Memory111 det.T1003.002Security Account Manager49 det.T1003.004LSA Secrets18 det.T1005Data from Local System47 det.T1012Query Registry25 det.T1016System Network Configuration Discovery40 det.T1018Remote System Discovery51 det.T1021.006Windows Remote Management22 det.T1027.002Software Packing2 det.T1027.013Encrypted/Encoded File8 det.T1027.015Compression2 det.T1030Data Transfer Size Limits7 det.T1033System Owner/User Discovery61 det.T1046Network Service Discovery51 det.T1047Windows Management Instrumentation88 det.T1049System Network Connections Discovery22 det.T1053.002At17 det.T1055.012Process Hollowing9 det.T1056.001Keylogging4 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1068Exploitation for Privilege Escalation99 det.T1070.004File Deletion43 det.T1070.005Network Share Connection Removal7 det.T1071.001Web Protocols81 det.T1074.001Local Data Staging10 det.T1074.002Remote Data Staging3 det.T1078Valid Accounts297 det.T1087.001Local Account33 det.T1105Ingress Tool Transfer184 det.T1112Modify Registry203 det.T1119Automated Collection12 det.T1133External Remote Services74 det.T1140Deobfuscate/Decode Files or Information58 det.T1189Drive-by Compromise10 det.T1190Exploit Public-Facing Application227 det.T1195.002Compromise Software Supply Chain23 det.T1199Trusted Relationship6 det.T1203Exploitation for Client Execution79 det.T1204.002Malicious File441 det.T1210Exploitation of Remote Services35 det.T1505.003Web Shell65 det.T1543.003Windows Service79 det.T1547.001Registry Run Keys / Startup Folder53 det.T1548.002Bypass User Account Control84 det.T1555.005Password Managers4 det.T1560.002Archive via Library1 det.T1562.002Disable Windows Event Logging44 det.T1566.001Spearphishing Attachment979 det.T1567.002Exfiltration to Cloud Storage31 det.T1574.001DLL111 det.T1583.001Domains62 det.T1588.002Tool13 det.T1608.001Upload Malware3 det.T1608.002Upload Tool1 det.T1685.001Disable or Modify Windows Event Log39 det.