
Teleboyi

Also known as: Teleboyi

Origin: CN
Known aliases: 1

Profile

Teleboyi is a threat actor reportedly based in China and associated with the PlugX RAT. TeamT5 identified a custom PlugX loader used by Teleboyi whose string decryption algorithm is similar to the one in the McUtil.dll loader from Operation Harvest. There are weak links to the dsqurey[.]com domain, but the connection remains uncertain because of the domain's registration history.

Aliases · 1

Teleboyi

References

  1. https://www.trendmicro.com/en_us/research/25/b/updated-shadowpad-malware-leads-to-ransomware-deployment.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: TA547
Actor: TA570
Actor: GhostEmperor
Actor: TA577
Actor: Earth Berberoka
Actor: Chaya_004

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.