CL-UNK-1068

Also known as: CL-UNK-1068

Profile

CL-UNK-1068 is a Chinese threat actor that has targeted critical infrastructure in Asia, primarily focusing on cyberespionage. They utilize cross-platform tools, including the Xnote Linux backdoor and the GodZilla web shell, to maintain a persistent presence and execute credential theft. Their TTPs involve DLL side-loading, the use of custom malware, and batch scripts to bypass security measures. The group has demonstrated a capability for data exfiltration from SQL servers and has employed tools like DumpIt and Volatility for memory analysis.

Aliases · 1

CL-UNK-1068

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: CL-STA-1087
Actor: UNC6619
Actor: UNC6691
Actor: UTG-Q-008
Actor: CL-STA-0048
Actor: Unnamed Actor

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.