WIP19

Also known as: WIP19

Origin: CN
Known aliases: 1

Profile

WIP19 is a Chinese-speaking threat group involved in espionage targeting the Middle East and Asia. They utilize a stolen certificate to sign their malware, including SQLMaggie, ScreenCap, and a credential dumper. The group has been observed targeting telecommunications and IT service providers, using toolsets authored by WinEggDrop. WIP19's activities suggest they are after specific information and are part of the broader Chinese espionage landscape.

References

  1. https://www.sentinelone.com/labs/wip19-espionage-new-chinese-apt-targets-it-service-providers-and-telcos-with-signed-malware/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: APT19
Actor: UAC-0219
Actor: UAT-5918
Group: Operation Wocao
Actor: APT18
Actor: BRONZE SPRING

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.