UNC3886
[UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan (APJ) regions. [UNC3886](https://attack.mitre.org/groups/G1048) has displayed a deep understanding of edge devices and virtualization technologies through the exploitation of zero-day vulnerabilities and the use of novel malware families and utilities.(Citation: Mandiant Fortinet Zero Day)(Citation: Google Cloud Threat Intelligence VMWare ESXi Ze...
Techniques: 52
Covered: 46
Gaps: 6
Coverage: 88% (46/52)
GAPS (6)

COVERED (46)

| Technique | Name | Detections |
|---|---|---|
| T1003.001 | LSASS Memory | 111 |
| T1008 | Fallback Channels | 5 |
| T1014 | Rootkit | 30 |
| T1021.004 | SSH | 34 |
| T1027.005 | Indicator Removal from Tools | 6 |
| T1036.004 | Masquerade Task or Service | 7 |
| T1037 | Boot or Logon Initialization Scripts | 25 |
| T1037.004 | RC Scripts | 11 |
| T1040 | Network Sniffing | 15 |
| T1057 | Process Discovery | 20 |
| T1059.001 | PowerShell | 368 |
| T1059.003 | Windows Command Shell | 82 |
| T1059.004 | Unix Shell | 155 |
| T1059.006 | Python | 49 |
| T1059.012 | Hypervisor CLI | 9 |
| T1068 | Exploitation for Privilege Escalation | 99 |
| T1070.004 | File Deletion | 42 |
| T1070.006 | Timestomp | 10 |
| T1074.001 | Local Data Staging | 10 |
| T1078 | Valid Accounts | 280 |
| T1078.001 | Default Accounts | 9 |
| T1083 | File and Directory Discovery | 48 |
| T1095 | Non-Application Layer Protocol | 23 |
| T1124 | System Time Discovery | 4 |
| T1190 | Exploit Public-Facing Application | 216 |
| T1203 | Exploitation for Client Execution | 75 |
| T1205 | Traffic Signaling | 1 |
| T1205.001 | Port Knocking | 1 |
| T1212 | Exploitation for Credential Access | 11 |
| T1218.011 | Rundll32 | 75 |
| T1505.006 | vSphere Installation Bundles | 1 |
| T1548 | Abuse Elevation Control Mechanism | 100 |
| T1554 | Compromise Host Software Binary | 18 |
| T1555.005 | Password Managers | 4 |
| T1560.001 | Archive via Utility | 26 |
| T1562.001 | Disable or Modify Tools | 311 |
| T1562.003 | Impair Command History Logging | 3 |
| T1562.004 | Disable or Modify System Firewall | 48 |
| T1570 | Lateral Tool Transfer | 22 |
| T1587.001 | Malware | 10 |
| T1588.001 | Malware | 2 |
| T1588.004 | Digital Certificates | 1 |
| T1673 | Virtual Machine Discovery | 4 |
| T1685 | Disable or Modify Tools | 278 |
| T1686 | Disable or Modify System Firewall | 19 |
| T1690 | Prevent Command History Logging | 3 |