TIARAS - admin@338

Threat Actor Profile

High APT

Description

admin@338is a China-based cyber threat group. It has previously used newsworthy events as lures to deliver malware and has primarily targeted organizations involved in financial, economic, and trade policy, typically using publicly available RATs such asPoisonIvy, as well as some non-public backdoors.[1]

Confidence Score

100%

First Seen

May 31, 2017

Last Updated

April 29, 2026
18 hours, 38 minutes ago

Active Status

Active

Created

April 29, 2026

MITRE ATT&CK Techniques (12)

T1036 - Masquerading

Defense Evasion

T1007 - System Service Discovery

Discovery

T1016 - System Network Configuration Discovery

Discovery

T1049 - System Network Connections Discovery

Discovery

T1069 - Permission Groups Discovery

Discovery

T1082 - System Information Discovery

Discovery

T1083 - File and Directory Discovery

Discovery

T1087 - Account Discovery

Discovery

T1059 - Command and Scripting Interpreter

Execution

T1203 - Exploitation for Client Execution

Execution

T1204 - User Execution

Execution

T1566 - Phishing

Initial Access

Indicators of Compromise

Loading IOCs…

STIX Data

{'aliases': [],
 'description': 'admin@338is a China-based cyber threat group. It has '
                'previously used newsworthy events as lures to deliver malware '
                'and has primarily targeted organizations involved in '
                'financial, economic, and trade policy, typically using '
                'publicly available RATs such asPoisonIvy, as well as some '
                'non-public backdoors.[1]',
 'external_references': [{'external_id': 'G0018',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0018/'}],
 'id': 'threat-actor--G0018',
 'metadata': {'contributors': 'Tatsuya Daitoku, Cyber Defense Institute, Inc.',
              'crawled_at': '2026-04-29T14:32:18.289531+00:00',
              'created_date': '31 May 2017',
              'last_modified': '25 April 2025',
              'mitre_group_id': 'G0018',
              'page_title': 'admin@338, Group G0018 | MITRE ATT&CK®',
              'version': '1.2'},
 'name': 'admin@338',
 'type': 'threat-actor'}

Quick Actions

Related TTPs (12)

Masquerading
Defense Evasion

System Service Discovery
Discovery

System Network Configuration …
Discovery

System Network Connections Di…
Discovery

Permission Groups Discovery
Discovery

View All 12 TTPs

Back to Threat Actors

Dashboard Home

Threat Actor Profile

Description

Confidence Score

Tags

First Seen

Last Updated

Active Status

Created

MITRE ATT&CK Techniques (12)

T1036 - Masquerading

T1007 - System Service Discovery

T1016 - System Network Configuration Discovery

T1049 - System Network Connections Discovery

T1069 - Permission Groups Discovery

T1082 - System Information Discovery

T1083 - File and Directory Discovery

T1087 - Account Discovery

T1059 - Command and Scripting Interpreter

T1203 - Exploitation for Client Execution

T1204 - User Execution

T1566 - Phishing

Indicators of Compromise

IOC KQL for Sentinel

STIX Data

Quick Actions

Related TTPs (12)

Please wait…