“We are about to land.” : How CloudDragon Turns a Nightmare into Reality
2021-05-07 • Team T5
The CloudDragon report describes an APT intrusion playbook built around supply-chain compromise, phishing, and mobile targeting. The presentation highlights malware and tooling associated with the activity, including JamBog or AppleSeed, DongMulRAT, GoldDragon variants, FlowerPower, and NavRAT-related capabilities. It frames the campaign as a multi-stage threat that uses social engineering and compromised software channels to reach targets before deploying payloads and collecting intelligence from victim systems.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 4ba6baf75625bddc5e1bc3fd40d04b1e | 2021-05-07 | 2021-05-07 |
Related Reports
2022-11-28 •
CloudDragon’s Credential Factory is Powering Up Its Espionage Activities Against All the Policymakers
Team T5