Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

Sharp Dragon Expands Towards Africa and The Caribbean

May 23, 2024, 2:55 p.m.

Description

Check Point Research has observed a significant shift in the activities and lures of Sharp Dragon, a Chinese threat actor, now targeting governmental organizations in Africa and the Caribbean. This expansion aligns with Sharp Dragon's known tactics of compromising email accounts to spread weaponized documents and deploy malware like Cobalt Strike Beacon. The actors exploit government relationships to establish footholds in new territories, demonstrating increased reconnaissance efforts and utilizing compromised infrastructure as command-and-control servers.

Date

Published: May 23, 2024, 2:17 p.m.

Created: May 23, 2024, 2:17 p.m.

Modified: May 23, 2024, 2:55 p.m.

Indicators

ff35cfed656c0cac5571beae7170a2fec007e75417c1d0c4fd7af4185759ec38

ea72011929dece4684a2dcb5b76f34cef437dbe50306f19c531d632bf26e7f32

e848355359de1e59901aa387f2d208889c368663438909fd3bb0a97566de2b2d

e6faf05234ceaaba3bdcca60285a7ba83eea229a0ca241e94fb314a73ad98d87

cd737ac8d66a47d341dd4a3c98ab0d2c77c7558d9a0161f7d08a4ab310d440ba

c1e403dd787f197f928960c723866424e343789a0422dbe8c98ed2214500d151

cc805511e106a9b5302a4db4bfbb98609aca3dcbd2f709aee8ae316f479dfd49

bff674439ea8333b227f6d05caa05b2e3fe592825abd63272d4f1e4c2dfa88ea

b952a459dac430d006a4d573612ca8474a410310792ea8141f9ab339214f4e57

9885b220b9654ac4743fe907e67da38d723fee2abf2dcd5944aa3a00c4a59c31

941e52ce5ce89b7307bdfe1b88657dfd76892b475971b86683cfc6fbca23e209

8e72c9517b0220f8ed6973cfc36f478fc7837fe536c5859554661bc1e7ee4254

7b21b95c4256308e8089bff38d5d20845f2dc28fa9e536de979ceab9b7962afa

7575ebdd90aa0ab66c4eeaecd628c475e406ac9bcc54de5e01a3d372a050aec7

708722bafe35a9fdc94ac33b1970776c464f1bb4e9c2ea1c1dba3a9e1ba03ab3

6783545b9fa8dd14890644c166a35f3cee78329f9522c6ee53149698e5889695

59a9d10eba81d62337f38d8f72a15f283e1f4bc9daa99fe0c08f780f3e4da839

42095521622c055db8d79441317952c0899c34d7b776f6f45855581fb86522dc

362b9f497fce52a3f14ad9de2a027d974cc810473c929fed7c37526d2f13f83a

2faf9615227728b2e7b9cfc548d4210452adc08b3ec500c1b46f2e04fa165816

2c7e52eb8290d76780b6ac15a134b58a74c95bc616fd0d91a3f9514409a12846

20a4256443957fbae69c7c666ae025522533b849e01680287177110603a83a41

1db1cf2df0551762eaef0a92923da2f3d032663fdcb331d9474f5398b8ae4398

1c2a10f282f1a24d88c74d8d324fb59b172cee4ee2e3e3996d9a62ba979812a6

0373ef0a7874bd8506dc64dd82ef2c6d7661a3250c8a9bb8cb8cb75a7330c1d2

04f7ae8042e0ed457dd6b86d6e8a40bd361357724b38d3aac7358f5e643299c6

21f173a347ed111ce67e4c0f2c0bd4ee34bb7ca765da03635ca5c0df394cd7e6

57b64a1ef1b04819ca9473e1bb74e1cf4be76b89b144e030dc1ef48f446ff95b

180f5a0f9210698b54dcafb9a230b12e3eaf199889e5377a2acb7124c2d48d69

45.251.241.12

38.54.96.97

38.54.50.182

103.146.78.152

185.239.226.91

45.76.193.171

103.56.17.192

schemas.openxmlformats.shop

dueog.xyz

Attack Patterns

Cobalt Strike Beacon

Sharp Dragon

T1584.004

T1021.006

T1195.002

T1588.001

T1588

T1053.005

T1059.005

T1059.003

T1059.007

T1036.005

T1070.004

T1204.002

T1566.001

T1219

T1566

T1078

CVE-2023-0669

Additional Informations

Central African Republic

South Africa