From 1725fd3b1b85a36d463e0e052491193aa6748f82 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Mon, 9 Sep 2024 08:18:23 -0700
Subject: [PATCH] [threat-actors] Add UTG-Q-010

---
 clusters/threat-actor.json | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index dc53ae09..1c35d920 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16667,6 +16667,16 @@
       },
       "uuid": "096c57c1-263f-463e-8089-e553872db149",
       "value": "Fail0verflow"
+    },
+    {
+      "description": "UTG-Q-010 is a financially motivated APT group from East Asia that has been active since late 2022, primarily targeting the pharmaceutical industry and cryptocurrency enthusiasts. They exploit legitimate Windows processes, such as \"WerFault.exe,\" to sideload malicious DLLs like \"faultrep.dll\" and employ sophisticated phishing campaigns to deliver malware disguised as enticing content. Their recent campaigns have involved the use of the Pupy RAT and advanced defense evasion techniques, including in-memory execution and reflective DLL loading. UTG-Q-010's strategic focus on HR departments and the cryptocurrency sector highlights their understanding of target vulnerabilities and their ability to evade detection.",
+      "meta": {
+        "refs": [
+          "https://cyble.com/blog/analysing-the-utg-q-010-campaign/"
+        ]
+      },
+      "uuid": "279ca8a7-1d04-4d95-aa8c-32c758c2de2b",
+      "value": "UTG-Q-010"
     }
   ],
   "version": 313
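Review bot: The `"version": 313` context line at the end of the hunk is left untouched, so the galaxy version is not bumped together with the new cluster; consumers that decide whether to refresh a galaxy by comparing versions will not pick up UTG-Q-010 until a later commit raises it, so the line should read `"version": 314`. The new entry also folds machine-usable facts into the description string — financially motivated, active since late 2022, East Asian origin — while its `meta` object carries only `refs`; populating the meta keys the file already uses for other actors (e.g. `motive`) would make those facts filterable rather than prose-only. The single reference is a secondary vendor write-up, so anyone relying on this cluster should treat the attribution details as reported rather than independently confirmed. The `values` array this entry is appended to starts before the hunk.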