216.73.217.22

admin@338

· Published 16/12/2025 19:39 · Modified 27/03/2026 01:13 · Source: The MITRE Corporation

Essential information

Confidence
100/100
Published
16/12/2025 19:39
Modified
27/03/2026 01:13
Updated at
27/03/2026 01:13
Revoked
No
Author / Source
The MITRE Corporation
Resource level
Primary motivation
Related entities
12 attack patterns (mitre), 3 malware, 4 tool

Description

[admin@338](https://attack.mitre.org/groups/G0018) is a China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs such as [PoisonIvy](https://attack.mitre.org/software/S0012), as well as some non-public backdoors. (Citation: FireEye admin@338)

Marking (TLP)

Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.

External references

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Attack patterns (MITRE) (12)

  • T1566.001 uses
    Spearphishing Attachment
  • T1059.003 uses
    Windows Command Shell
  • T1203 uses
    Exploitation for Client Execution
  • T1083 uses
    File and Directory Discovery
  • T1036.005 uses
    Match Legitimate Resource Name or Location
  • T1087.001 uses
    Local Account
  • T1069.001 uses
    Local Groups
  • T1204.002 uses
    Malicious File
  • T1016 uses
    System Network Configuration Discovery
  • T1082 uses
    System Information Discovery
  • T1049 uses
    System Network Connections Discovery
  • T1007 uses
    System Service Discovery

Malware (3)

  • PoisonIvy
  • LOWBALL
  • BUBBLEWRAP uses
    Family
    Published 30/01/2026 08:48 · Modified 30/01/2026 08:48

Tool (4)

  • ipconfig uses
    The MITRE Corporation Confidence 100

    [ipconfig](https://attack.mitre.org/software/S0100) is a Windows utility that can be used to find information about a system's TCP/IP, DNS, DHCP, and adapter configuration. (Citation: TechNet Ipconfig)

    Published 31/05/2017 23:33 · Modified 27/03/2026 01:07
  • Net uses
    The MITRE Corporation Confidence 100

    The [Net](https://attack.mitre.org/software/S0039) utility is a component of the Windows operating system. It is used in command-line operations for control of users, groups, services, and network connections. (Citation: Microsoft …

    Published 31/05/2017 23:32 · Modified 27/03/2026 01:07
  • netstat uses
    The MITRE Corporation Confidence 100

    [netstat](https://attack.mitre.org/software/S0104) is an operating system utility that displays active TCP connections, listening ports, and network statistics. (Citation: TechNet Netstat)

    Published 31/05/2017 23:33 · Modified 27/03/2026 01:07
  • Systeminfo uses
    The MITRE Corporation Confidence 100

    [Systeminfo](https://attack.mitre.org/software/S0096) is a Windows utility that can be used to gather detailed information about a computer. (Citation: TechNet Systeminfo)

    Published 31/05/2017 23:33 · Modified 27/03/2026 01:07