UAT-8302 and its box full of malware
ID: e4d00106-cc6d-5e94-87b2-a3ffe019d4bb
STIX ID: report--e4d00106-cc6d-5e94-87b2-a3ffe019d4bb
Feed Name: Cisco Talos
UAT-8302 is a China-nexus APT that has targeted government and related entities since at least late 2024. The Talos report details how the group gains initial access (exploits and red-team tooling), performs reconnaissance and lateral movement, and deploys multiple custom and reused malware families: NetDraft/FringePorch, CloudSorcerer v3, VSHELL with SNOWLIGHT/SNOWRUST, SNAPPYBEE/DeedRAT, and ZingDoor. The report includes comprehensive TTPs and IOCs (hashes, domains, and IPs) to aid detection and response.
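The entry above carries both a bare UUID and a STIX 2.1 identifier of the form type--UUID. When ingesting a feed like this one, it is worth validating that shape before keying a database or a TAXII query on it. The following is an added example (not code from the Talos report or from the feed platform): it parses a STIX identifier, checks the UUID version and variant, and confirms that a bare ID and a STIX ID refer to the same object. The regular expression follows the identifier pattern from the STIX 2.1 JSON schema as the editor recalls it (lowercase type starting with a letter, followed by a version 1-5 RFC 4122 UUID); treat that pattern as an assumption and check it against the specification before relying on it. The sample identifiers are constructed from this page and deliberately malformed variants of it.

```python
import re
import uuid

# STIX 2.1 identifier pattern (editor's recollection of the JSON-schema regex;
# verify against the spec before relying on it in production).
STIX_ID_RE = re.compile(
    r"^(?P<type>[a-z][a-z0-9-]+[a-z0-9])--"
    r"(?P<uuid>[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12})$"
)


def parse_stix_id(stix_id):
    """Return {'type', 'uuid', 'uuid_version'} for a well-formed STIX 2.1 id,
    or None if the string does not match the identifier grammar."""
    m = STIX_ID_RE.match(stix_id)
    if not m:
        return None
    u = uuid.UUID(m.group("uuid"))
    # uuid.UUID.version is None when the variant is not RFC 4122; the regex
    # already pins the variant nibble to 8/9/a/b, so version is always set here.
    return {"type": m.group("type"), "uuid": str(u), "uuid_version": u.version}


def same_object(bare_id, stix_id):
    """True if a bare UUID (as in the 'ID:' field) is the UUID part of stix_id.
    Returns False rather than raising on malformed input."""
    parsed = parse_stix_id(stix_id)
    if parsed is None:
        return False
    try:
        return uuid.UUID(bare_id) == uuid.UUID(parsed["uuid"])
    except ValueError:
        return False


# Constructed samples: the identifiers from this feed entry plus malformed variants.
SAMPLES = [
    "report--e4d00106-cc6d-5e94-87b2-a3ffe019d4bb",  # the entry above
    "report-e4d00106-cc6d-5e94-87b2-a3ffe019d4bb",   # single hyphen separator
    "Report--e4d00106-cc6d-5e94-87b2-a3ffe019d4bb",  # uppercase type
    "report--e4d00106-cc6d-5e94-07b2-a3ffe019d4bb",  # bad variant nibble
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", parse_stix_id(s))
    print(same_object("e4d00106-cc6d-5e94-87b2-a3ffe019d4bb", SAMPLES[0]))
```

The UUID in this entry is version 5 (name-based), which is what a platform uses when it derives the same identifier deterministically for the same report on every import; a version 4 UUID would indicate a randomly generated one.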
