
G0025 APT17

APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. [1]

| Item | Value |
| --- | --- |
| ID | G0025 |
| Associated Names | Deputy Dog |
| Version | 1.1 |
| Created | 31 May 2017 |
| Last Modified | 13 October 2020 |

Associated Group Descriptions

| Name | Description |
| --- | --- |
| Deputy Dog | [1] |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| enterprise | T1583 | Acquire Infrastructure | - |
| enterprise | T1583.006 | Web Services | APT17 has created profile pages in Microsoft TechNet that were used as C2 infrastructure. [1] |
| enterprise | T1585 | Establish Accounts | APT17 has created and cultivated profile pages in Microsoft TechNet. To make profile pages appear more legitimate, APT17 has created biographical sections and posted in forum threads. [1] |


Software

| ID | Name | References | Techniques |
| --- | --- | --- | --- |
| S0069 | BLACKCOFFEE | [1] | Windows Command Shell:Command and Scripting Interpreter, File and Directory Discovery, File Deletion:Indicator Removal, Multi-Stage Channels, Process Discovery, Dead Drop Resolver:Web Service, Bidirectional Communication:Web Service |