new threat actor - Sandman APT
jstnk9 committed Dec 15, 2023
1 parent 8ec38b9 commit 0dd2f95
Showing 1 changed file with 40 additions and 0 deletions.
40 changes: 40 additions & 0 deletions clusters/threat-actor.json
Expand Up @@ -13785,6 +13785,46 @@
},
"uuid": "86dfe64e-7101-4d45-bb94-efc40c5e14fe",
"value": "UNC2630"
},
{
"description": "First disclosed in 2023, the Sandman APT is likely associated with suspected China-based threat clusters known for using the KEYPLUG backdoor, specifically STORM-0866/Red Dev 40. Sandman is tracked as a distinct cluster, pending additional conclusive information. A notable characteristic is its use of the LuaDream backdoor. LuaDream is based on the Lua platform, a relatively rare occurrence in the cyberespionage domain, historically associated with APTs considered Western or Western-aligned.",
"meta": {
"cfr-suspected-victims": [
"Middle East",
"Southeast Asian",
"France",
"Egypt",
"Sudan",
"South Sudan"
"Libya",
"Turkey",
"Saudi Arabia",
"Oman",
"Yemen",
"Sri Lanka",
"India",
"Pakistan",
"Iran",
"Afghanistan",
"Kuwait",
"Iraq",
"United Arab Emirates"
],
"cfr-target-category": [
"Government",
"Telecommunications"
],
"attribution-confidence": "50",
"country": "CN",
"cfr-suspected-state-sponsor": "China",
"cfr-type-of-incident": "Espionage",
"references": [
"https://www.sentinelone.com/labs/sandman-apt-china-based-adversaries-embrace-lua/",
"https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/"
]
},
"uuid": "00b84012-fa25-4942-ad64-c76be24828a8",
"value": "Sandman APT"
}
],
"version": 295
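Review bot: the added entry leaves clusters/threat-actor.json syntactically invalid. In the "cfr-suspected-victims" array the line `"South Sudan"` has no trailing comma before `"Libya"`, so any JSON parser (and the galaxy validation step) will reject the whole file; it should read `"South Sudan",`. Two smaller points in the same block: `"Southeast Asian"` is an adjective while every other element is a place name, so it should be `"Southeast Asia"` for consistency with `"Middle East"` and the country entries; and `"version": 295` is shown here as unchanged context (the commit is 40 additions, 0 deletions), so the galaxy version is not bumped with the new cluster and should be incremented in the same change so MISP instances pick up the update.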