We extend our best wishes and we also want them to have LUCK – a very important word.
Remember the Q's MickeyMouse post?
LuckyMouse
The tag is: misp-galaxy:mitre-intrusion-set="Threat Group-3390 - G0027"
Threat Group-3390 - G0027 is also known as:
Threat Group-3390
>LuckyMouse
TG-3390
Emissary Panda
BRONZE UNION
APT27
Iron Tiger
"Experts assigned the codename of LuckyMouse to the group behind this hack, but they later realized the attackers were an older Chinese threat actor known under various names in the reports of other cyber-security firms, such as Emissary Panda, APT27, Threat Group 3390, Bronze Union, ZipToken, and Iron Tiger"
Associated Families
win.zxshell
win.chinachopper
win.hyperbro
win.httpbrowser
win.unidentified_060
win.ghost_rat
win.plugx
https://malpedia.caad.fkie.fraunhofer.de/actor/luckymouse
https://betanews.com/2018/06/16/kaspersky-luckymouse-hackers/
http://download01.norman.no/documents/ThemanyfacesofGh0stRat.pdf
[This could be a 'bad' PDF, use sandbox or similar].
Threat Group-3390 is a Chinese threat group that has extensively used strategic Web compromises to target victims. The group has been active since at least 2010 and has targeted organizations in the aerospace, government, defense, technology, energy, and manufacturing sectors.
https://malpedia.caad.fkie.fraunhofer.de/actor/luckymouse
LuckyMouse hits national data center to organize country-level waterholing campaign, 2018.
https://securelist.com/luckymouse-hits-national-data-center/86083/
Perhaps worth digging into this, anons!
Godspeed!