📃Title: Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware
📅Date: 2021-09-09
🔗References:
Description
A recently discovered backdoor, Sidewalk, has been linked to the China-linked Grayfly espionage group. Recent Grayfly campaigns involved exploits against Exchange and MySQL servers, and the group has a heavy focus on the telecoms sector. Sidewalk has been deployed in these campaigns against a number of organizations in Taiwan, Vietnam, the United States, and Mexico.
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: TA-profile
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- target-information="Thailand"
- target-information="Singapore"
- target-information="Indonesia"
- target-information="Chile"
- target-information="United Kingdom"
- target-information="Australia"
- target-information="Pakistan"
- target-information="Malaysia"
- target-information="Hong Kong"
- target-information="Japan"
- target-information="South Korea"
- target-information="Mexico"
- target-information="India"
- target-information="United States"
- target-information="Vietnam"
- target-information="Taiwan"
- producer="Symantec"
- threat-actor="APT41"
- malpedia="MimiKatz"
- malpedia="SideWalk (Windows)"
- sector="Telecoms"
- mitre-attack-pattern=["T1003", "T1049", "T1059", "T1068", "T1505", "T1059.001", "T1027"]
MISP event uuid: a58cbce5-e0fa-4016-9bff-031c1997cda8
Indicator of Compromise (IoCs)
type,value,comment
sha256,25a7c1f94822dc61211de253ff0a5805a0eb83921126732a0d52b1f1967cf079,"Sidewalk loader. No sample in VT; last check 23/02/2025"
sha256,b3eb783b017da32e33d19670b39eae0b11de8e983891dd4feb873d6e9333608d,"Mimikatz. No sample in VT; last check 23/02/2025"
Full IOCs available in Rectifyq's MISP
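A minimal way to use the two SHA-256 IoCs above on a host or file share is a hash sweep: parse the card's own "type,value,comment" CSV rows, hash every file under a root in chunks, and report any file whose digest is in the set. The script below is an added example, not Symantec's or Rectifyq's code; the IoC rows are copied from this card, while the demo directory, file names and the extra "constructed test sample" hash are constructed so the sweep produces a hit offline (the real hashes match no file that this example creates).

```python
import csv
import hashlib
import io
import os
import tempfile

# IoC rows in the same "type,value,comment" CSV shape used on this card.
IOC_CSV = """type,value,comment
sha256,25a7c1f94822dc61211de253ff0a5805a0eb83921126732a0d52b1f1967cf079,Sidewalk loader
sha256,b3eb783b017da32e33d19670b39eae0b11de8e983891dd4feb873d6e9333608d,Mimikatz
"""

HEX = set("0123456789abcdef")


def load_iocs(text):
    """Return {sha256_hex: comment} for sha256 rows; rows of other types are skipped."""
    iocs = {}
    for row in csv.DictReader(io.StringIO(text)):
        if row["type"].strip().lower() != "sha256":
            continue
        value = row["value"].strip().lower()
        # Reject anything that is not a 64-char hex string so a typo in the feed
        # does not silently become an indicator that can never match.
        if len(value) != 64 or set(value) - HEX:
            raise ValueError(f"malformed sha256 IoC: {value!r}")
        iocs[value] = row["comment"].strip()
    return iocs


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    """Hash a file in 1 MiB chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, iocs):
    """Walk root; return [(path, sha256, comment)] for files whose digest is an IoC."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # locked or unreadable file: skip it rather than abort the sweep
            if digest in iocs:
                hits.append((path, digest, iocs[digest]))
    return hits


def demo():
    """Constructed demo: one benign file plus one file whose hash is added as a constructed IoC."""
    iocs = load_iocs(IOC_CSV)
    with tempfile.TemporaryDirectory() as d:
        benign = os.path.join(d, "notes.txt")
        with open(benign, "wb") as f:
            f.write(b"nothing to see here\n")
        suspect = os.path.join(d, "sub", "loader.dll")
        os.makedirs(os.path.dirname(suspect))
        with open(suspect, "wb") as f:
            f.write(b"CONSTRUCTED SAMPLE, not real malware\n")
        # Constructed indicator so the demo yields a hit; the card's real hashes
        # do not correspond to any file this example writes.
        iocs[sha256_file(suspect)] = "constructed test sample"
        return sweep(d, iocs)


if __name__ == "__main__":
    for path, digest, comment in demo():
        print(f"HIT {digest} {comment}: {path}")
```

Hash IoCs are the most brittle indicator on this card: the comment field already notes that neither sample is in VirusTotal, and a loader is trivially rebuilt with a different digest, so treat a clean sweep as "these two files are absent", not as "no Sidewalk", and pair it with the ATT&CK techniques listed above (credential dumping, PowerShell use, server software components on Exchange) for behavioural detection.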