APT3 (aka UPS Team, Buckeye) · APT Atlas
APT3
APT
CN · China
AKA: UPS Team · Buckeye · Group 6 · Boyusec · Pirpi
CrowdStrike: GOTHIC PANDA
Secureworks: TG-0110
Targets: 9
Sectors: 11
Threat types: 1
GIRs covered: 0/480
Active since: 2010
Victimology
Geographic footprint · 9 countries
Origin: China
Targeted countries: 9
Europe · 6: Switzerland · Germany · France · United Kingdom · Italy · Netherlands
Asia · 2: Hong Kong · India
Americas · 1: United States
Sectors targeted: 11 of 40
Aerospace · 49 actors
Financial Services · 61 actors
Healthcare · 38 actors
Technology · 51 actors
NGOs & Dissidents · 47 actors
Energy / Utilities · 49 actors
Oil and Gas · 19 actors
Transportation · 25 actors
Industrials / Engineering · 23 actors
Chemicals · 15 actors
Private Sector (generic) · 28 actors
Tactics, techniques, procedures
Threat types + MITRE ATT&CK mapping
Threat types: ESP · Espionage
MITRE ATT&CK · 32 techniques
Initial Access · 1
  T1566.002 Spearphishing Link
Execution · 5
  T1053.005 Scheduled Task
  T1059.001 PowerShell
  T1059.003 Windows Command Shell
  T1203 Exploitation for Client Execution
  T1204.001 Malicious Link
Persistence · 2
  T1543.003 Windows Service
  T1547.001 Registry Run Keys / Startup Folder
Credential Access · 3
  T1003.001 LSASS Memory
  T1552.001 Credentials In Files
  T1555.003 Credentials from Web Browsers
Discovery · 6
  T1016 System Network Configuration Discovery
  T1018 Remote System Discovery
  T1033 System Owner/User Discovery
  T1049 System Network Connections Discovery
  T1057 Process Discovery
  T1083 File and Directory Discovery
Lateral Movement · 2
  T1021.001 Remote Desktop Protocol
  T1021.002 SMB/Windows Admin Shares
Collection · 2
  T1005 Data from Local System
  T1560.001 Archive via Utility
Exfiltration · 1
  T1041 Exfiltration Over C2 Channel
Command And Control · 3
  T1095 Non-Application Layer Protocol
  T1104 Multi-Stage Channels
  T1105 Ingress Tool Transfer
Stealth · 7
  T1027 Obfuscated Files or Information
  T1027.002 Software Packing
  T1036.010 Masquerade Account Name
  T1070.004 File Deletion
  T1078.002 Domain Accounts
  T1218.011 Rundll32
  T1564.003 Hidden Window
GIR coverage
0 / 480 requirements satisfied
No GIRs mapped yet for this actor.
Related actors
By origin and actor type
APT2 · nation-state · China · 6 targets · since 2010
APT5 · nation-state · China · 15 targets · since 2007
APT8 · nation-state · China · 5 targets · since —
APT14 · nation-state · China · 15 targets · since —
APT17 · nation-state · China · 10 targets · since 2009
APT20 · nation-state · China · 14 targets · since 2011