{ "id": "9a6d9b15-8add-49ef-b33a-90d626ebebaa", "created_at": "2026-04-06T00:16:26.600726Z", "updated_at": "2026-04-10T03:32:35.370345Z", "deleted_at": null, "sha1_hash": "314df10d91a165b77af26354ece4f038cfdf7e58", "title": "LevelBlue - Open Threat Exchange", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 31669, "plain_text": "LevelBlue - Open Threat Exchange\r\nBy AlienVault\r\nArchived: 2026-04-05 14:40:45 UTC\r\nCVE: 6 | FileHash-MD5: 2 | FileHash-SHA256: 85 | YARA: 1 | Hostname: 71\r\nOver the past seven months, Unit 42 has been investigating a series of attacks we attribute to a group we have\r\ncode named “Scarlet Mimic.” The attacks began over four years ago and their targeting pattern suggests that this\r\nadversary’s primary mission is to gather information about minority rights activists. We do not have evidence\r\ndirectly linking these attacks to a government source, but the information derived from these activities supports an\r\nassessment that a group or groups with motivations similar to the stated position of the Chinese government in\r\nrelation to these targets is involved. The attacks we attribute to Scarlet Mimic have primarily targeted Uyghur and\r\nTibetan activists as well as those who are interested in their causes. Both the Tibetan community and the Uyghurs,\r\na Turkic Muslim minority residing primarily in northwest China, have been targets of multiple sophisticated\r\nattacks in the past decade.\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:SkiBoot\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:SkiBoot\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://otx.alienvault.com/browse/pulses?q=tag:SkiBoot" ], "report_names": [ "pulses?q=tag:SkiBoot" ], "threat_actors": [ { "id": "8c5c318c-0e71-4184-92bb-d1c28f68a411", "created_at": "2022-10-25T15:50:23.692481Z", "updated_at": "2026-04-10T02:00:05.409574Z", "deleted_at": null, "main_name": "Scarlet Mimic", "aliases": [ "Scarlet Mimic" ], "source_name": "MITRE:Scarlet Mimic", "tools": [ "Psylo", "MobileOrder", "CallMe", "FakeM" ], "source_id": "MITRE", "reports": null }, { "id": "cac03bbf-0c42-470d-951e-0e92656be6cb", "created_at": "2023-01-06T13:46:38.463275Z", "updated_at": "2026-04-10T02:00:02.985402Z", "deleted_at": null, "main_name": "Scarlet Mimic", "aliases": [ "Golfing Taurus", "G0029" ], "source_name": "MISPGALAXY:Scarlet Mimic", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "9fc2aed1-c838-41e9-b469-922e7bab6f94", "created_at": "2022-10-25T16:07:24.162936Z", "updated_at": "2026-04-10T02:00:04.886029Z", "deleted_at": null, "main_name": "Scarlet Mimic", "aliases": [ "G0029", "Golfing Taurus" ], "source_name": "ETDA:Scarlet Mimic", "tools": [ "BrutishCommand", "CallMe", "CrypticConvo", "Elirks", "FakeFish", "FakeHighFive", "FakeM", "FakeM RAT", "FullThrottle", "HTran", "HUC Packet Transmit Tool", "MobileOrder", "Psylo", "RaidBase", "SkiBoot", "SubtractThis", "Terminator RAT" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434586, "ts_updated_at": 1775791955, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/314df10d91a165b77af26354ece4f038cfdf7e58.pdf", "text": "https://archive.orkl.eu/314df10d91a165b77af26354ece4f038cfdf7e58.txt", "img": "https://archive.orkl.eu/314df10d91a165b77af26354ece4f038cfdf7e58.jpg" } }