Threat Group-3390

Active

Also known as: Threat Group-3390, Earth Smilodon, TG-3390, Emissary Panda, BRONZE UNION, APT27, Iron Tiger, LuckyMouse, Linen Typhoon

🇨🇳

China

Active Since

2017

MITRE ID

G0027

Techniques

[Threat Group-3390](https://attack.mitre.org/groups/G0027) is a Chinese threat group that has extensively used strategic Web compromises to target victims.(Citation: Dell TG-3390) The group has been active since at least 2010 and has targeted organizations in the aerospace, government, defense, technology, energy, manufacturing and gambling/betting sectors.(Citation: SecureWorks BRONZE UNION June 2017)(Citation: Securelist LuckyMouse June 2018)(Citation: Trend Micro DRBControl February 2020)

MITRE ATT&CK Techniques

Recon0

Resource6

T1588.003Code Signing Certificates

T1583.001Domains

T1608.004Drive-by Target

T1588.002Tool

T1608.001Upload Malware

T1608.002Upload Tool

Initial5

T1195.002Compromise Software Supply Chain

T1189Drive-by Compromise

T1190Exploit Public-Facing Application

T1566.001Spearphishing Attachment

T1199Trusted Relationship

Exec6

T1053.002At

T1203Exploitation for Client Execution

T1204.002Malicious File

T1059.001PowerShell

T1059.003Windows Command Shell

T1047Windows Management Instrumentation

Persist5

T1574.001DLL

T1133External Remote Services

T1547.001Registry Run Keys / Startup Folder

T1505.003Web Shell

T1543.003Windows Service

PrivEsc2

T1548.002Bypass User Account Control

T1068Exploitation for Privilege Escalation

Defense10

T1027.015Compression

T1140Deobfuscate/Decode Files or Information

T1562.002Disable Windows Event Logging

T1027.013Encrypted/Encoded File

T1070.004File Deletion

T1112Modify Registry

T1070.005Network Share Connection Removal

T1055.012Process Hollowing

+2 more

Creds4

T1003.004LSA Secrets

T1003.001LSASS Memory

T1555.005Password Managers

T1003.002Security Account Manager

Discovery7

T1087.001Local Account

T1046Network Service Discovery

T1012Query Registry

T1018Remote System Discovery

T1016System Network Configuration Discovery

T1049System Network Connections Discovery

T1033System Owner/User Discovery

Lateral2

T1210Exploitation of Remote Services

T1021.006Windows Remote Management

Collect6

T1560.002Archive via Library

T1119Automated Collection

T1005Data from Local System

T1056.001Keylogging

T1074.001Local Data Staging

T1074.002Remote Data Staging

C22

T1105Ingress Tool Transfer

T1071.001Web Protocols

Exfil2

T1030Data Transfer Size Limits

T1567.002Exfiltration to Cloud Storage

Impact0

Known Victims

live · just now

No victims recorded in ransomware.live for this group.