APT 017
Also known as: Tailgater Team, Deputy Dog
Suspected attribution: China
Target sectors: U.S. government, international law firms, and information technology companies
Overview: Conducts network intrusion against targeted organizations.
Associated malware: BLACKCOFFEE
Attack vectors: The threat group took advantage of the ability to create profiles and post in forums to embed encoded CnC information for use with a variant of the malware it used. This technique can make it difficult for network security professionals to determine the true location of the CnC, and it allows the CnC infrastructure to remain active for a longer period.
Further readings:
Hiding in Plain Sight: FireEye and Microsoft Expose Obfuscation Tactic
IOCs: Download from GitHub here.