From 93d9db10a3dbe336092af6e9c2784c5fc353d3b8 Mon Sep 17 00:00:00 2001
From: Mathieu4141
Date: Mon, 20 Nov 2023 09:29:05 -0800
Subject: [PATCH] [threat-actors] Add Moshen Dragon

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index bf4aa6e..c881b72 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -13277,6 +13277,17 @@
 },
 "uuid": "43236d8e-27ee-40f1-ad15-a2ad23738a76",
 "value": "N4ughtysecTU"
+ },
+ {
+ "description": "Moshen Dragon is a Chinese-aligned cyberespionage threat actor operating in Central Asia. They have been observed deploying multiple malware triads and utilizing DLL search order hijacking to sideload ShadowPad and PlugX variants. The threat actor also employs various tools, including an LSA notification package and a passive backdoor known as GUNTERS. Their activities involve targeting the telecommunication sector and leveraging Impacket for lateral movement and data exfiltration.",
+ "meta": {
+ "country": "CN",
+ "refs": [
+ "https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/"
+ ]
+ },
+ "uuid": "41243ff2-e4f1-4605-9259-ab494c1c8c04",
+ "value": "Moshen Dragon"
 }
 ],
 "version": 294
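Review bot: The cluster's `"version": 294` at the end of the hunk is left as context, and the diffstat shows 11 insertions and no deletions, so the galaxy version is not bumped even though a new entry is added; consumers that sync on the version field will not pick up Moshen Dragon until it changes, so the hunk should also carry `"version": 295`. The new entry's `meta` holds only `country` and `refs`, while the description mentions targeting of the telecommunication sector and the ShadowPad and PlugX tooling in prose; if this file already uses `targeted-sector` and `synonyms` under `meta` for other actors, the same structured keys would make this entry searchable rather than only readable. The tool attribution could likewise be expressed as `related` links to the corresponding tool entries (placeholder `dest-uuid` values to be filled from the tool galaxies) instead of living only in the description text. These are suggestions inferred from the galaxy's usual layout, not from lines visible in this hunk.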