Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia
ID: 72ef093d-1d34-55fb-b9ff-f8e805402c65
STIX ID: report--72ef093d-1d34-55fb-b9ff-f8e805402c65
Feed Name: Palo Alto Networks Unit 42
This report details a long-running, suspected China-linked APT espionage campaign (CL-STA-1087) against Southeast Asian military organizations. The campaign uses custom backdoors (AppleChris, MemFun), a modified Mimikatz credential harvester (Getpass), Dead Drop Resolver techniques via Pastebin and Dropbox, and persistent C2 infrastructure. The report provides in-depth technical analysis, IOCs (file hashes and C2 IPs), attacker TTPs, and mitigation recommendations.
