admin@338

Threat Actor Profile Updated 13 days ago
admin@338 is a threat actor assessed to operate from China and tracked by FireEye as an uncategorized Advanced Persistent Threat (APT) group. It has been linked to multiple intrusions. The activity best documented in the sources listed below is a campaign against media organizations in Hong Kong: email messages carried malicious documents that delivered a payload named LOWBALL, and the group used Dropbox for malware communications. FireEye's assessment is that penetrating media organizations based in Hong Kong and Taiwan remains a high priority for China-based threat groups.

In the same campaign, admin@338 uploaded a second-stage malware known as BUBBLEWRAP (also referred to as Backdoor.APT.FakeWinHTTPHelper) to its Dropbox account. The staging commands renamed and started the downloaded files, redirected system information into a file named download, and deleted the original commands. admin@338 had used BUBBLEWRAP before this campaign, which points to a settled preference for that family rather than a one-off tool.

In short, admin@338 is a credible threat to organizations based in Hong Kong and Taiwan, media outlets in particular. Its tradecraft combines a document-borne first stage (LOWBALL), a legitimate cloud service (Dropbox) for malware communications and for hosting the second stage, and a separately delivered backdoor (BUBBLEWRAP). The practical defensive signals that follow from this profile are malicious document attachments in email, Dropbox-bound traffic from processes that have no business using it, and the staging command sequence described above.
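The staging sequence described above (rename the downloaded file, start it, redirect system information into a file named download, delete the original commands) is concrete enough to hunt for. The following Python is an added example written for this page, not code from FireEye, Mandiant or the aggregator hosting this profile: it scans constructed command-line telemetry and flags a host where one parent process runs all four steps in order within a short window. The command names (ren, start, systeminfo, del), the file names, the 120-second window and the sample events are all assumptions, and the telemetry source is assumed to record the full cmd.exe /c command text rather than only the process image.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Ordered stages of the staging sequence. The concrete command names (ren,
# start, systeminfo, del) and the file name "download" are assumptions that
# stand in for the behaviour the profile describes; adjust to your telemetry.
STAGES = [
    ("rename", re.compile(r"^\s*(ren|rename|move)\b", re.I)),
    ("start", re.compile(r"^\s*start\b", re.I)),
    ("sysinfo_to_file", re.compile(r"\bsysteminfo\b[^>]*>>?\s*\S*download\b", re.I)),
    ("delete", re.compile(r"^\s*(del|erase)\b", re.I)),
]

# cmd.exe chains commands with & and &&; batch bodies use newlines.
SPLIT_RE = re.compile(r"\s*(?:&&|&|\r?\n)\s*")
CMD_WRAPPER_RE = re.compile(r'^\s*\S*cmd(?:\.exe)?\s+/[ck]\s+"?(.*?)"?\s*$', re.I | re.S)


def split_commands(cmdline):
    """Break a cmd.exe /c command line or a batch body into single commands."""
    m = CMD_WRAPPER_RE.match(cmdline)
    body = m.group(1) if m else cmdline
    return [c for c in SPLIT_RE.split(body) if c.strip()]


def detect_staging_sequence(events, window_seconds=120):
    """Return one alert per (host, parent pid) whose commands complete all
    STAGES in order within window_seconds.

    events: dicts with keys ts (ISO 8601), host, ppid and cmd (command text).
    """
    by_parent = defaultdict(list)
    for ev in events:
        by_parent[(ev["host"], ev["ppid"])].append(ev)

    window = timedelta(seconds=window_seconds)
    alerts = []
    for (host, ppid), evs in by_parent.items():
        evs.sort(key=lambda e: e["ts"])
        progress = []  # (stage name, timestamp, command) matched so far, in order
        for ev in evs:
            ts = datetime.fromisoformat(ev["ts"])
            for cmd in split_commands(ev["cmd"]):
                if progress and ts - progress[0][1] > window:
                    progress = []  # too spread out to be one staging run
                name, pattern = STAGES[len(progress)]
                if pattern.search(cmd):
                    progress.append((name, ts, cmd))
                if len(progress) == len(STAGES):
                    alerts.append({
                        "host": host,
                        "ppid": ppid,
                        "first_seen": progress[0][1].isoformat(),
                        "commands": [c for _, _, c in progress],
                    })
                    progress = []
    return alerts


# Constructed sample telemetry, not logs from the admin@338 intrusion.
SAMPLE_EVENTS = [
    # ws01: the whole sequence chained in one cmd.exe /c line -> should alert
    {"ts": "2015-11-01T10:00:01", "host": "ws01", "ppid": 4012,
     "cmd": 'C:\\Windows\\System32\\cmd.exe /c "ren %TEMP%\\upload stage2.exe & '
            'start %TEMP%\\stage2.exe & systeminfo >> %TEMP%\\download & '
            'del %TEMP%\\stage.bat"'},
    # ws02: an administrator's inventory job -> benign, only one stage matches
    {"ts": "2015-11-01T10:02:00", "host": "ws02", "ppid": 5100,
     "cmd": 'cmd.exe /c "systeminfo >> C:\\inventory\\ws02.txt"'},
    # ws03: rename and start only, no collection or cleanup -> no alert
    {"ts": "2015-11-01T10:03:00", "host": "ws03", "ppid": 610,
     "cmd": 'cmd.exe /c "ren C:\\Temp\\upload tool.exe & start C:\\Temp\\tool.exe"'},
    # ws04: all four stages, but the cleanup comes ten minutes later -> outside window
    {"ts": "2015-11-01T10:05:00", "host": "ws04", "ppid": 777,
     "cmd": 'cmd.exe /c "ren C:\\Temp\\upload helper.exe"'},
    {"ts": "2015-11-01T10:05:02", "host": "ws04", "ppid": 777,
     "cmd": 'cmd.exe /c "start C:\\Temp\\helper.exe"'},
    {"ts": "2015-11-01T10:05:05", "host": "ws04", "ppid": 777,
     "cmd": 'cmd.exe /c "systeminfo >> C:\\Temp\\download"'},
    {"ts": "2015-11-01T10:15:00", "host": "ws04", "ppid": 777,
     "cmd": 'cmd.exe /c "del C:\\Temp\\stage.bat"'},
]


if __name__ == "__main__":
    for alert in detect_staging_sequence(SAMPLE_EVENTS):
        print(alert["host"], alert["ppid"], alert["first_seen"])
        for c in alert["commands"]:
            print("   ", c)
```

Requiring the four steps in order within one window is what keeps an administrator's inventory script (ws02 above) from firing; widening the window, or treating the systeminfo-to-download step alone as a lower-severity indicator, is a reasonable tuning once you have seen how often each step appears in your own environment. The complementary network signal from this profile is Dropbox traffic originating from processes that have no business using it.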
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track across vendors, so this section lists possible overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the admin@338 threat actor was read from the documents in the corpus below. This display is limited to 20 results.
Source | Created At | Title
MITRE | a year ago | The EPS Awakens - Part 2 (Threat Research)
MITRE | a year ago | China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets (Mandiant)