UNC3886
[UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan (APJ) regions. [UNC3886](https://attack.mitre.org/groups/G1048) has displayed a deep understanding of edge devices and virtualization technologies through the exploitation of zero-day vulnerabilities and the use of novel malware families and utilities.(Citation: Mandiant Fortinet Zero Day)(Citation: Google Cloud Threat Intelligence VMWare ESXi Ze...
Detection coverage summary:

- Techniques: 49
- Covered: 43
- Gaps: 6
- Coverage: 88% (43/49)
Gaps (6)

Covered (43)

| Technique | Name | Detections |
|---|---|---|
| T1003.001 | LSASS Memory | 105 |
| T1008 | Fallback Channels | 5 |
| T1014 | Rootkit | 29 |
| T1021.004 | SSH | 31 |
| T1027.005 | Indicator Removal from Tools | 6 |
| T1036.004 | Masquerade Task or Service | 7 |
| T1037 | Boot or Logon Initialization Scripts | 25 |
| T1037.004 | RC Scripts | 11 |
| T1040 | Network Sniffing | 15 |
| T1057 | Process Discovery | 18 |
| T1059.001 | PowerShell | 338 |
| T1059.003 | Windows Command Shell | 79 |
| T1059.004 | Unix Shell | 149 |
| T1059.006 | Python | 43 |
| T1059.012 | Hypervisor CLI | 9 |
| T1068 | Exploitation for Privilege Escalation | 91 |
| T1070.004 | File Deletion | 40 |
| T1070.006 | Timestomp | 9 |
| T1074.001 | Local Data Staging | 10 |
| T1078 | Valid Accounts | 252 |
| T1078.001 | Default Accounts | 8 |
| T1083 | File and Directory Discovery | 48 |
| T1095 | Non-Application Layer Protocol | 23 |
| T1124 | System Time Discovery | 4 |
| T1190 | Exploit Public-Facing Application | 208 |
| T1203 | Exploitation for Client Execution | 71 |
| T1205 | Traffic Signaling | 1 |
| T1205.001 | Port Knocking | 1 |
| T1212 | Exploitation for Credential Access | 9 |
| T1218.011 | Rundll32 | 73 |
| T1505.006 | vSphere Installation Bundles | 1 |
| T1548 | Abuse Elevation Control Mechanism | 91 |
| T1554 | Compromise Host Software Binary | 18 |
| T1555.005 | Password Managers | 4 |
| T1560.001 | Archive via Utility | 24 |
| T1562.001 | Disable or Modify Tools | 300 |
| T1562.003 | Impair Command History Logging | 3 |
| T1562.004 | Disable or Modify System Firewall | 45 |
| T1570 | Lateral Tool Transfer | 20 |
| T1587.001 | Malware | 9 |
| T1588.001 | Malware | 2 |
| T1588.004 | Digital Certificates | 1 |
| T1673 | Virtual Machine Discovery | 4 |