{
  "name": "Sharp Dragon Expands Towards Africa and The Caribbean",
  "slug": "sharp-dragon-expands-towards-africa-and-the-caribbean",
  "description": "Check Point Research has observed a significant shift in the activities and lures of Sharp Dragon, a Chinese threat actor, now targeting governmental organizations in Africa and the Caribbean. This expansion aligns with Sharp Dragon's known tactics of compromising email accounts to spread weaponized documents and deploy malware like Cobalt Strike Beacon. The actors exploit government relationships to establish footholds in new territories, demonstrating increased reconnaissance efforts and utilizing compromised infrastructure as command-and-control servers.",
  "published": "2024-05-23T12:17:53+00:00",
  "created_at": "2024-05-23T12:17:53+00:00",
  "modified_at": "2024-05-23T12:55:28+00:00",
  "created_at_opencti": "2024-05-23T12:17:53+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-05-23",
    "CVE-2023-0669",
    "africa",
    "caribbean",
    "cobalt strike beacon",
    "cyber",
    "espionage",
    "expansion",
    "government",
    "targeting"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "45.251.241.12"
      },
      {
        "id": "",
        "name": "38.54.96.97"
      },
      {
        "id": "",
        "name": "38.54.50.182"
      },
      {
        "id": "",
        "name": "103.146.78.152"
      },
      {
        "id": "",
        "name": "185.239.226.91"
      },
      {
        "id": "",
        "name": "45.76.193.171"
      },
      {
        "id": "",
        "name": "103.56.17.192"
      },
      {
        "id": "",
        "name": "schemas.openxmlformats.shop"
      },
      {
        "id": "",
        "name": "dueog.xyz"
      },
      {
        "id": "",
        "name": "ff35cfed656c0cac5571beae7170a2fec007e75417c1d0c4fd7af4185759ec38"
      },
      {
        "id": "",
        "name": "ea72011929dece4684a2dcb5b76f34cef437dbe50306f19c531d632bf26e7f32"
      },
      {
        "id": "",
        "name": "e848355359de1e59901aa387f2d208889c368663438909fd3bb0a97566de2b2d"
      },
      {
        "id": "",
        "name": "e6faf05234ceaaba3bdcca60285a7ba83eea229a0ca241e94fb314a73ad98d87"
      },
      {
        "id": "",
        "name": "cd737ac8d66a47d341dd4a3c98ab0d2c77c7558d9a0161f7d08a4ab310d440ba"
      },
      {
        "id": "",
        "name": "c1e403dd787f197f928960c723866424e343789a0422dbe8c98ed2214500d151"
      },
      {
        "id": "",
        "name": "cc805511e106a9b5302a4db4bfbb98609aca3dcbd2f709aee8ae316f479dfd49"
      },
      {
        "id": "",
        "name": "bff674439ea8333b227f6d05caa05b2e3fe592825abd63272d4f1e4c2dfa88ea"
      },
      {
        "id": "",
        "name": "b952a459dac430d006a4d573612ca8474a410310792ea8141f9ab339214f4e57"
      },
      {
        "id": "",
        "name": "9885b220b9654ac4743fe907e67da38d723fee2abf2dcd5944aa3a00c4a59c31"
      },
      {
        "id": "",
        "name": "941e52ce5ce89b7307bdfe1b88657dfd76892b475971b86683cfc6fbca23e209"
      },
      {
        "id": "",
        "name": "8e72c9517b0220f8ed6973cfc36f478fc7837fe536c5859554661bc1e7ee4254"
      },
      {
        "id": "",
        "name": "7b21b95c4256308e8089bff38d5d20845f2dc28fa9e536de979ceab9b7962afa"
      },
      {
        "id": "",
        "name": "7575ebdd90aa0ab66c4eeaecd628c475e406ac9bcc54de5e01a3d372a050aec7"
      },
      {
        "id": "",
        "name": "708722bafe35a9fdc94ac33b1970776c464f1bb4e9c2ea1c1dba3a9e1ba03ab3"
      },
      {
        "id": "",
        "name": "6783545b9fa8dd14890644c166a35f3cee78329f9522c6ee53149698e5889695"
      },
      {
        "id": "",
        "name": "59a9d10eba81d62337f38d8f72a15f283e1f4bc9daa99fe0c08f780f3e4da839"
      },
      {
        "id": "",
        "name": "42095521622c055db8d79441317952c0899c34d7b776f6f45855581fb86522dc"
      },
      {
        "id": "",
        "name": "362b9f497fce52a3f14ad9de2a027d974cc810473c929fed7c37526d2f13f83a"
      },
      {
        "id": "",
        "name": "2faf9615227728b2e7b9cfc548d4210452adc08b3ec500c1b46f2e04fa165816"
      },
      {
        "id": "",
        "name": "2c7e52eb8290d76780b6ac15a134b58a74c95bc616fd0d91a3f9514409a12846"
      },
      {
        "id": "",
        "name": "20a4256443957fbae69c7c666ae025522533b849e01680287177110603a83a41"
      },
      {
        "id": "",
        "name": "1db1cf2df0551762eaef0a92923da2f3d032663fdcb331d9474f5398b8ae4398"
      },
      {
        "id": "",
        "name": "1c2a10f282f1a24d88c74d8d324fb59b172cee4ee2e3e3996d9a62ba979812a6"
      },
      {
        "id": "",
        "name": "0373ef0a7874bd8506dc64dd82ef2c6d7661a3250c8a9bb8cb8cb75a7330c1d2"
      },
      {
        "id": "",
        "name": "04f7ae8042e0ed457dd6b86d6e8a40bd361357724b38d3aac7358f5e643299c6"
      },
      {
        "id": "",
        "name": "21f173a347ed111ce67e4c0f2c0bd4ee34bb7ca765da03635ca5c0df394cd7e6"
      },
      {
        "id": "",
        "name": "57b64a1ef1b04819ca9473e1bb74e1cf4be76b89b144e030dc1ef48f446ff95b"
      },
      {
        "id": "",
        "name": "180f5a0f9210698b54dcafb9a230b12e3eaf199889e5377a2acb7124c2d48d69"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:4b1b349e1bbd4cb0",
        "name": "Cobalt Strike Beacon",
        "slug": "cobalt-strike-beacon"
      }
    ],
    "intrusion_sets": [
      {
        "id": "1f7d6c28-adb5-4718-8655-6243a7d52050",
        "name": "Sharp Dragon",
        "slug": "sharp-dragon"
      }
    ],
    "attack_patterns": [
      {
        "id": "7ec3a60f-8eaa-4766-ab47-1a220616a29c",
        "name": "T1584.004"
      },
      {
        "id": "9643a7e9-771b-4396-83a3-26fcec5200e4",
        "name": "T1021.006"
      },
      {
        "id": "1d0d9e67-eb8a-439c-a2c7-cab311bb25c4",
        "name": "T1195.002"
      },
      {
        "id": "2ccc4626-0e86-4148-a5a8-2aa270e22dbd",
        "name": "T1588.001"
      },
      {
        "id": "7616ff60-a18f-4663-9824-b889aa01c8ce",
        "name": "T1588"
      },
      {
        "id": "40f0d8e3-bcd7-4b97-a958-f55815698fc5",
        "name": "T1053.005"
      },
      {
        "id": "9e784d22-5a6c-4da6-968a-5fab2f019efd",
        "name": "T1059.005"
      },
      {
        "id": "6b2e0999-c7e8-4662-94ac-19aa8520ee46",
        "name": "T1059.003"
      },
      {
        "id": "9322d33b-00c1-4f99-9f1a-a33d93c0dac2",
        "name": "T1059.007"
      },
      {
        "id": "6ccd4566-e15e-40cf-b7df-4a3f737ce5cd",
        "name": "T1036.005"
      },
      {
        "id": "eaff4611-3c78-4127-8745-726f77ed68ba",
        "name": "T1070.004"
      },
      {
        "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6",
        "name": "T1204.002"
      },
      {
        "id": "dc410646-9cdd-427b-92e7-179a54f78f90",
        "name": "T1566.001"
      },
      {
        "id": "c12e0e03-aab0-4646-a929-e921a3d27f02",
        "name": "T1219"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      }
    ],
    "vulnerabilities": [
      {
        "id": "",
        "name": "CVE-2023-0669"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Central African Republic"
      },
      {
        "id": "",
        "name": "South Africa"
      }
    ]
  },
  "external_refs": [
    "https://research.checkpoint.com/2024/sharp-dragon-expands-towards-africa-and-the-caribbean/",
    "https://otx.alienvault.com/pulse/664f5011f52fd1fa64dc3961"
  ]
}