EXPLORE
← Back to Actors

UNC3886

UNC3886

[UNC3886](https://attack.mitre.org/groups/G1048) is a China-nexus cyberespionage group that has been active since at least 2022, targeting defense, technology, and telecommunication organizations located in the United States and the Asia-Pacific-Japan (APJ) regions. [UNC3886](https://attack.mitre.org/groups/G1048) has displayed a deep understanding of edge devices and virtualization technologies through the exploitation of zero-day vulnerabilities and the use of novel malware families and utilities.(Citation: Mandiant Fortinet Zero Day)(Citation: Google Cloud Threat Intelligence VMWare ESXi Ze...

52
Techniques
46
Covered
6
Gaps
88%
Coverage
Coverage46/52

COVERED (46)

T1003.001LSASS Memory111 det.T1008Fallback Channels5 det.T1014Rootkit30 det.T1021.004SSH35 det.T1027.005Indicator Removal from Tools6 det.T1036.004Masquerade Task or Service7 det.T1037Boot or Logon Initialization Scripts26 det.T1037.004RC Scripts11 det.T1040Network Sniffing15 det.T1057Process Discovery21 det.T1059.001PowerShell372 det.T1059.003Windows Command Shell83 det.T1059.004Unix Shell165 det.T1059.006Python51 det.T1059.012Hypervisor CLI9 det.T1068Exploitation for Privilege Escalation99 det.T1070.004File Deletion43 det.T1070.006Timestomp10 det.T1074.001Local Data Staging10 det.T1078Valid Accounts297 det.T1078.001Default Accounts9 det.T1083File and Directory Discovery48 det.T1095Non-Application Layer Protocol24 det.T1124System Time Discovery4 det.T1190Exploit Public-Facing Application227 det.T1203Exploitation for Client Execution79 det.T1205Traffic Signaling1 det.T1205.001Port Knocking1 det.T1212Exploitation for Credential Access11 det.T1218.011Rundll3275 det.T1505.006vSphere Installation Bundles1 det.T1548Abuse Elevation Control Mechanism103 det.T1554Compromise Host Software Binary19 det.T1555.005Password Managers4 det.T1560.001Archive via Utility26 det.T1562.001Disable or Modify Tools316 det.T1562.003Impair Command History Logging3 det.T1562.004Disable or Modify System Firewall48 det.T1570Lateral Tool Transfer23 det.T1587.001Malware10 det.T1588.001Malware2 det.T1588.004Digital Certificates1 det.T1673Virtual Machine Discovery4 det.T1685Disable or Modify Tools279 det.T1686Disable or Modify System Firewall19 det.T1690Prevent Command History Logging3 det.