My Tea's not cold. An overview of China's cyber threat
Tags
cmtmf-attack-pattern: Masquerading
country: Afghanistan Australia Bosnia And Herzegovina Belgium Bolivia Malaysia Cambodia Canada China Czechia Sri Lanka Netherlands Nepal Germany Nigeria France Guam Hong Kong Hungary India Indonesia Pakistan Israel Italy Japan South Korea Sweden Thailand Macao Myanmar Philippines Serbia Suriname Russia Vietnam Taiwan Ukraine United States Of America
maec-delivery-vectors: Watering Hole
attack-pattern: Data Direct Dll Side-Loading - T1574.002 Domains - T1583.001 Domains - T1584.001 Firmware - T1592.003 Html Smuggling - T1027.006 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Network Devices - T1584.008 Server - T1583.004 Server - T1584.004 Social Media - T1593.001 Software - T1592.002 Steganography - T1001.002 Steganography - T1406.001 Steganography - T1027.003 Trap - T1546.005 Vulnerabilities - T1588.006 Connection Proxy - T1090 Dll Side-Loading - T1073 Masquerading - T1036 Trap - T1154 Denial Of Service Masquerading
Show in Graph
Common Information
Type Value
UUID 70a7ef89-66d1-4747-ab80-0b27f21e9f00
Fingerprint f7b1d11db0538780
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 7, 2023, 3:39 p.m.
Added to db Nov. 18, 2023, 11:45 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline My Tea’s not cold. An overview of China’s cyber threat
Title My Tea's not cold. An overview of China's cyber threat
Detected Hints/Tags/Attributes 278/4/35
Source URLs
Redirection Url
Details Source https://blog.sekoia.io/my-teas-not-cold-an-overview-of-china-cyber-threat/
URL Provider
Details Provider Source level domain
Details sekoia.io blog.sekoia.io
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 59 Sekoia.io Blog https://blog.sekoia.io/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 3 
cve-2021-44207
Details CVE 397 
cve-2021-44228
Details CVE 34 
cve-2022-41328
Details CVE 117 
cve-2023-2868
Details CVE 105 
cve-2022-41040
Details CVE 127 
cve-2022-41082
Details CVE 90 
cve-2022-42475
Details CVE 3 
cve-2022-49475
Details Domain 118 
sekoia.io
Details Domain 1 
ig.ft.com
Details Domain 72 
symantec-enterprise-blogs.security.com
Details Domain 262 
www.welivesecurity.com
Details Email 18 
tdr@sekoia.io
Details Mandiant Temporary Group Assumption 35 
TEMP.HEX
Details Mandiant Uncategorized Groups 15 
UNC4191
Details Mandiant Uncategorized Groups 52 
UNC3886
Details Mandiant Uncategorized Groups 54 
UNC4841
Details Mandiant Uncategorized Groups 7 
UNC4698
Details MITRE ATT&CK Techniques 227 
T1574.002
Details MITRE ATT&CK Techniques 23 
T1027.006
Details Threat Actor Identifier - APT 522 
APT41
Details Threat Actor Identifier - APT 278 
APT10
Details Threat Actor Identifier - APT 143 
APT40
Details Threat Actor Identifier - APT 85 
APT15
Details Threat Actor Identifier - APT 7 
APT25
Details Threat Actor Identifier - APT 166 
APT31
Details Url 1 
https://ig.ft.com/taiwan-economy/.
Details Url 1 
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks.
Details Url 1 
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/apt-attacks-telecoms-africa-mgbot.
Details Url 2 
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/flea-backdoor-microsoft-graph-apt15.
Details Url 1 
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/hydrochasma-asia-medical-shipping-intelligence-gathering.
Details Url 1 
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/witchetty-steganography-espionage.
Details Url 2 
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-asia-governments.
Details Url 1 
https://www.welivesecurity.com/2022/09/06/worok-big-picture
Details Url 1 
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/blackfly-espionage-materials.