MITRE Shield will be retired on October 18th in favor of MITRE Engage. To learn more, click here.
Mapping To APT17
APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations.
Disclaimer: We present this mapping to stimulate thinking about active defense options to combat this adversary, not to present all possibilities. We invite you to use this as a guide and add your own use cases for applying Shield techniques to counter each adversary action.
Note: All ATT&CK Group sub-technique mappings have been remapped to their parent technique and were derived from Group Technique mappings in ATT&CK v8.
Details
ATT&CK ID:
G0025
Associated Groups:
APT17, Deputy Dog
Note:
This page uses Adversary Group data from MITRE ATT&CK.
ATT&CK Technique |
Opportunity Space | AD Technique | Use Case |
|---|---|---|---|
| T1583 - Acquire Infrastructure | There is an opportunity to gain visibility into newly created or previously unknown adversary infrastructure | DTE0021 - Hunting | A defender could use information about an adversary's TTPs in order to monitor for new adversary infrastructure and files. |
| T1585 - Establish Accounts | Users trained and encouraged to report phishing can detect attacks that other defenses do not. | DTE0035 - User Training | A program to train and exercise the anti-phishing skills of users can create "Human Sensors" that help detect phishing attacks. |