APT17
G00251 reportsaliases · APT17 · Deputy Dog
1
Reports
5
Techniques
4
Tactics
2
Countries
100%
Hunt coverage
2
Aliases
Analyst assessment — key judgments
- Signature techniques: T1053.005 (Scheduled Task), T1204.002 (Malicious File), T1588.006 (Vulnerabilities).
- Primary targeting: RU, BR.
- Newly emerged: 1 report(s) in last 30d vs 0 prior (+100%).
- Recent movement: 5 new technique(s), 82 new infrastructure indicator(s) in the last 30 days.
- Hunt coverage 100% of 5 observed techniques (0 gap(s)).
- Assessment confidence: medium (60).
Activity & trend
Newly emergedLast 30d: 1 vs 0 prior (+100%)· first reported 2026-07-03 · last 2026-07-03
0
7d
1
30d
1
90d
1
All
0.1
Rpts/wk
Reporting timeline · 12 months
Movement — last 30 days
New techniques
T1053.005T1204.002T1588.006T1059.001T1589.001Targeting gained
BRRUNew infrastructure
5d5c3e483c5e544260ce98fc29fbf1927141917cba2eee2b4d31107faccf3a39f5c6434ee5f7578faa3bc1257e1c9226c019797a00fd56edb1f468ac0a598510a0ec7a8e61eff3f445a7455b3aef9fbb7db9c688c620e54e8c69b7e52a7579fb90378881856abfa47d7745c0a3ef9dc81dba3e505491a260a44c867902c3296e1096268fa2b3d454c86cf851cb782319f2ab09d7e7a375a192508a5014aa2ee40041fd1b2358cd08dbcbc28ea8fc3d20894332174f536c2e1efeda05cba79f8bOverview
Analyst triage
Intelligence summary
APT17 is a China-based threat group that has conducted network intrusions against U.S. government entities, the defense industry, law firms, information technology companies, mining companies, and non-government organizations. (Citation: FireEye APT17)
Top co-occurring indicators
Aliases & naming
Targeting · countries
Targeting · named victims
ATT&CK technique matrix
Coverage vs hunt library:
—
Hunt-coverage gaps — prioritized
Top techniques by observation
- T1053.005 · Scheduled Taskconf 601
- T1204.002 · Malicious Fileconf 601
- T1588.006 · Vulnerabilitiesconf 601
- T1059.001 · PowerShellconf 601
- T1589.001 · Credentialsconf 601
Threat catalogue · engineering roadmap
Flagged detection-engineering queue
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
IOC type mix
Tooling / malware families
Relationships
Activity
30-day mention timeline
Recent reporting
| Title | Source | Severity | Collected |
|---|