{
	"id": "f6269a2c-b29f-4a4b-bf44-2caf7e92814f",
	"created_at": "2026-04-06T00:08:48.797629Z",
	"updated_at": "2026-04-10T03:21:57.249036Z",
	"deleted_at": null,
	"sha1_hash": "997863d35bd8b2f9717801f0138dcab616569357",
	"title": "The Illustrious Graduates of Wuhan Kerui",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1214234,
	"plain_text": "The Illustrious Graduates of Wuhan Kerui\r\nBy intrusiontruth\r\nPublished: 2023-05-12 · Archived: 2026-04-02 10:35:18 UTC\r\nOur last article introduced the mysterious graduates of Kerui Cracking Academy. As luck would have it, said\r\nmysterious graduates have left feedback, complete with graduate destinations and contact details on Kerui’s\r\nwebsite. \r\nWe won’t bore you by going through each individual piece of feedback – feel free to peruse at your leisure.\r\nSuffice it to say that Kerui graduates were pretty pleased with their student experience. But there were a few\r\nwhich we found interesting, and a couple which serve to flesh out Kerui’s links to the government. \r\nLet’s start here. \r\nOuyang Jilei 欧阳继雷 \r\nOuyang attended the 24th iteration at Kerui and in their feedback provided advice for later generations of Kerui\r\nstudents. How generous. But it was their claim to now be employed by a state-owned enterprise in Wuhan that\r\nreally caught our eye. Could this be it? Could we finally be on an APT’s trail in Wuhan? \r\nMoving on: Li Yilong 李义龙\r\nhttps://intrusiontruth.wordpress.com/2023/05/12/the-illustrious-graduates-of-wuhan-kerui\r\nPage 1 of 4\n\nLi attended the 13th\r\n class iteration at Kerui. Li was effusive about his time at Kerui, highlighting the sense of\r\nhumor of his teachers, the laughter in his classes, and how he has harnessed the ‘Kerui spirit’ to overcome\r\nchallenges since moving to the world of work. Li claims to be working for an ‘undisclosed private company\r\nsupporting the government’. We did a fair bit of digging here to try and identify said company and managed to\r\nlink him to one ‘Wuhan Shenzhou Human Resources Services Department.’ Doesn’t sound cyber-y, does it? But\r\nwe will come back to Wuhan Shenzhou later.\r\nHuang Zhen #1黃震: \r\nHuang Zhen #1 attended the 11\r\nth\r\n Kerui program. Huang’s feedback includes his personal experiences, praise for\r\nthe faculty members and some study tips for future students, but did not disclose his onward employment. \r\nhttps://intrusiontruth.wordpress.com/2023/05/12/the-illustrious-graduates-of-wuhan-kerui\r\nPage 2 of 4\n\nHuang Zhen #2 黄振\r\nHuang Zhen #2 attended the same iteration as Li and happily found employment at an ‘undisclosed cyber security\r\ncompany’. Huang 2 thanks his friends for helping him through bumps in the road and credits his teachers with the\r\nability to ‘write code at the speed of flowing water’. He also left his QQ number: 361920879. \r\nWe know what you are thinking. Not much to go on here. But we will return to our friends Li, Huang and Huang\r\nin due course.\r\nXiong Wang 熊旺  \r\nAt first glance, Xiong’s feedback is rather non-descript.\r\nHe describes how the class helped him and provides some recommendations on study methods for future students.\r\nHe leaves no contact details or information on graduate destination. But some in-depth digging into Xiong\r\nprovided our first real lead: his social insurance record.\r\nhttps://intrusiontruth.wordpress.com/2023/05/12/the-illustrious-graduates-of-wuhan-kerui\r\nPage 3 of 4\n\nSocial insurance contributions in China are effectively a social security program. They include mandatory\r\ninsurance schemes, such as pension, medical insurance, and a housing fund. \r\nLuckily for us, they also list their employer.\r\nAs of 2016, Xiong Wang was employed by one Wuhan Xiaoruizhi Science and Technology Company.\r\nDiscover more from Intrusion Truth\r\nSubscribe to get the latest posts sent to your email.\r\nPost navigation\r\nSource: https://intrusiontruth.wordpress.com/2023/05/12/the-illustrious-graduates-of-wuhan-kerui\r\nhttps://intrusiontruth.wordpress.com/2023/05/12/the-illustrious-graduates-of-wuhan-kerui\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://intrusiontruth.wordpress.com/2023/05/12/the-illustrious-graduates-of-wuhan-kerui"
	],
	"report_names": [
		"the-illustrious-graduates-of-wuhan-kerui"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434128,
	"ts_updated_at": 1775791317,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/997863d35bd8b2f9717801f0138dcab616569357.pdf",
		"text": "https://archive.orkl.eu/997863d35bd8b2f9717801f0138dcab616569357.txt",
		"img": "https://archive.orkl.eu/997863d35bd8b2f9717801f0138dcab616569357.jpg"
	}
}