🇨🇳
Ice Fog
APT Group
Information theft and espionage
19 zero-day CVEs
ETDA ✓
Also Known As (7 names)
DAGGER PANDA
PLA Unit 69010
Red Foxtrot
Red Wendigo
RedFoxtrot
Trident
UAT-7290
Target Countries (30)
Afghanistan
Austria
Australia
Belarus
Canada
China
Germany
France
United Kingdom
Hong Kong
India
Islamic Republic of Iran
Italy
Japan
Republic of Korea
Kazakhstan
Sri Lanka
Mongolia
Maldives
Malaysia
Netherlands
Philippines
Pakistan
Russian Federation
Singapore
Tajikistan
Turkey
Taiwan, Province of China
United States
Uzbekistan
Sectors Targeted (NAICS code where given)
Public Administration (NAICS 92)
Water Transportation (NAICS 483)
Military
Employment Placement Agencies and Executive Search Services (NAICS 56131)
Oil and Gas Extraction (NAICS 211)
Ship Building and Repairing (NAICS 336611)
Utilities (NAICS 22)
Media
Space Research and Technology (NAICS 927)
Agriculture, Forestry, Fishing and Hunting (NAICS 11)
Professional, Scientific, and Technical Services (NAICS 54)
Others
Telecommunications (NAICS 517)
Computer Systems Design and Related Services (NAICS 54151)
Aerospace
Government
Computer Systems Design Services (NAICS 541512)
Other Services (except Public Administration) (NAICS 81)
National Security and International Affairs (NAICS 928)
Maritime and Shipbuilding
Insurance Carriers and Related Activities (NAICS 524)
High-Tech
Other Information Services (NAICS 519)
Information (NAICS 51)
Defense
Finance and Insurance (NAICS 52)
NAICS 31
Details
Origin
🇨🇳 CN
Last Updated
01 Jun 2022
MITRE ATT&CK (193 entries)
T1001
T1003 - OS Credential Dumping
T1005 - Data from Local System
T1007 - System Service Discovery
T1008 - Fallback Channels
T1010
T1011
T1012 - Query Registry
T1016 - System Network Configuration Discovery
T1018 - Remote System Discovery
T1021
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1031 - Modify Existing Service
T1033 - System Owner/User Discovery
T1035 - Service Execution
T1036 - Masquerading
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1043 - Commonly Used Port
T1045 - Software Packing
T1046 - Network Service Scanning
T1047 - Windows Management Instrumentation
T1048
T1049
T1053
T1055 - Process Injection
T1056 - Input Capture
T1056.001 - Keylogging
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.007 - JavaScript
T1060 - Registry Run Keys / Startup Folder
T1063 - Security Software Discovery
T1068 - Exploitation for Privilege Escalation
T1069 - Permission Groups Discovery
T1070 - Indicator Removal on Host
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.003
T1071.004 - DNS
T1074 - Data Staged
T1078
T1080 - Taint Shared Content
T1081
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1085
T1087 - Account Discovery
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1096 - NTFS File Attributes
T1100
T1102 - Web Service
T1104
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110
T1110.002 - Password Cracking
T1112 - Modify Registry
T1113 - Screen Capture
T1114 - Email Collection
T1114.001
T1114.002
T1115
T1119 - Automated Collection
T1120 - Peripheral Device Discovery
T1123 - Audio Capture
T1124
T1127
T1129 - Shared Modules
T1130
T1132 - Data Encoding
T1132.001 - Standard Encoding
T1133
T1135 - Network Share Discovery
T1136
T1137
T1140 - Deobfuscate/Decode Files or Information
T1143 - Hidden Window
T1147 - Hidden Users
T1155 - AppleScript
T1156
T1170
T1173 - Dynamic Data Exchange
T1176 - Browser Extensions
T1179 - Hooking
T1185 - Man in the Browser
T1189 - Drive-by Compromise
T1190
T1199 - Trusted Relationship
T1202 - Indirect Command Execution
T1204 - User Execution
T1204.001 - Malicious Link
T1204.002
T1204.003 - Malicious Image
T1210 - Exploitation of Remote Services
T1211
T1217
T1218 - Signed Binary Proxy Execution
T1406 - Obfuscated Files or Information
T1409 - Access Stored Application Data
T1410 - Network Traffic Capture or Redirection
T1412 - Capture SMS Messages
T1413 - Access Sensitive Data in Device Logs
T1414 - Capture Clipboard Data
T1418 - Application Discovery
T1421 - System Network Connections Discovery
T1422 - System Network Configuration Discovery
T1423 - Network Service Scanning
T1424 - Process Discovery
T1426 - System Information Discovery
T1427 - Attack PC via USB Connection
T1429 - Capture Audio
T1430 - Location Tracking
T1432 - Access Contact List
T1439 - Eavesdrop on Insecure Network Communication
T1445 - Abuse of iOS Enterprise App Signing Key
T1447 - Delete Device Data
T1449 - Exploit SS7 to Redirect Phone Calls/SMS
T1450 - Exploit SS7 to Track Device Location
T1453 - Abuse Accessibility Features
T1454
T1457 - Malicious Media Content
T1472 - Generate Fraudulent Advertising Revenue
T1480 - Execution Guardrails
T1482 - Domain Trust Discovery
T1485
T1486 - Data Encrypted for Impact
T1489
T1490 - Inhibit System Recovery
T1496
T1497 - Virtualization/Sandbox Evasion
T1497.003
T1498 - Network Denial of Service
T1503
T1507 - Network Information Discovery
T1518 - Software Discovery
T1518.001 - Security Software Discovery
T1523 - Evade Analysis Environment
T1529
T1530 - Data from Cloud Storage Object
T1531
T1533 - Data from Local System
T1539 - Steal Web Session Cookie
T1543 - Create or Modify System Process
T1546
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1550
T1552
T1553 - Subvert Trust Controls
T1553.002 - Code Signing
T1555 - Credentials from Password Stores
T1555.003 - Credentials from Web Browsers
T1560 - Archive Collected Data
T1561
T1562 - Impair Defenses
T1562.001
T1563 - Remote Service Session Hijacking
T1565 - Data Manipulation
T1566 - Phishing
T1568 - Dynamic Resolution
T1568.002 - Domain Generation Algorithms
T1569 - System Services
T1571 - Non-Standard Port
T1573 - Encrypted Channel
T1573.001 - Symmetric Cryptography
T1574 - Hijack Execution Flow
T1574.001 - DLL Search Order Hijacking
T1574.008 - Path Interception by Search Order Hijacking
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.002 - DNS Server
T1583.005 - Botnet
T1584.006 - Web Services
T1587
T1590 - Gather Victim Network Information
T1593.002 - Search Engines
T1595 - Active Scanning
T1598 - Phishing for Information
T1614
TA0002 - Execution
TA0003 - Persistence
TA0004 - Privilege Escalation
TA0005 - Defense Evasion
TA0006 - Credential Access
TA0007 - Discovery
TA0011 - Command and Control
TA0029
TA0037 - Command and Control