BLACKCOFFEE

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[BLACKCOFFEE](https://attack.mitre.org/software/S0069) is malware that has been used by several Chinese groups since at least 2013. (Citation: FireEye APT17) (Citation: FireEye Periscope March 2018)

Associated Techniques (7)

ID	ATT&CK	Tactics
T1057	Process Discovery	-
T1059.003	Windows Command Shell	-
T1070.004	File Deletion	-
T1083	File and Directory Discovery	-
T1102.001	Dead Drop Resolver	-
T1102.002	Bidirectional Communication	-
T1104	Multi-Stage Channels	-

Used by Actors (3)

APT17
Nation-state

APT41
Nation-state

Leviathan
Unknown

Metadata

ID:	587
Created:	13/01/2026 17:48
Updated:	06/03/2026 16:00