🇨🇳
UNC4841
APT Group
Information theft and espionage
8 zero-day CVEs
ETDA ✓
Also Known As (1 name)
SLIME57
Target Countries (4)
United Kingdom
Lebanon
Mexico
United States
Details
Origin
🇨🇳 CN
Last Updated
25 Nov 2023
MITRE ATT&CK (57 techniques)
T1003 - OS Credential Dumping
T1005 - Data from Local System
T1021 - Remote Services
T1021.004 - SSH
T1027 - Obfuscated Files or Information
T1036.005 - Match Legitimate Name or Location
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1048 - Exfiltration Over Alternative Protocol
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1053 - Scheduled Task/Job
T1055 - Process Injection
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.002 - AppleScript
T1059.004 - Unix Shell
T1059.007 - JavaScript
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal
T1070.002 - Clear Linux or Mac System Logs
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1071.004 - DNS
T1078 - Valid Accounts
T1078.001 - Default Accounts
T1082 - System Information Discovery
T1090 - Proxy
T1098 - Account Manipulation
T1098.004 - SSH Authorized Keys
T1105 - Ingress Tool Transfer
T1110 - Brute Force
T1110.002 - Password Cracking
T1112 - Modify Registry
T1136 - Create Account
T1140 - Deobfuscate/Decode Files or Information
T1190 - Exploit Public-Facing Application
T1222.002 - Linux and Mac File and Directory Permissions Modification
T1543 - Create or Modify System Process
T1547.001 - Registry Run Keys / Startup Folder
T1553.006 - Code Signing Policy Modification
T1562 - Impair Defenses
T1562.004 - Disable or Modify System Firewall
T1568 - Dynamic Resolution
T1571 - Non-Standard Port
T1572 - Protocol Tunneling
T1574 - Hijack Execution Flow
T1583.001 - Domains
T1587 - Develop Capabilities
T1587.001 - Malware
T1588 - Obtain Capabilities
T1588.002 - Tool
T1589.002 - Email Addresses
T1590 - Gather Victim Network Information
T1590.001 - Domain Properties
T1590.004 - Network Topology
T1602 - Data from Configuration Repository
T1602.002 - Network Device Configuration Dump