{
	"id": "91808e8f-9d89-4ff6-9fcc-7258e8fc3690",
	"created_at": "2026-04-06T00:16:45.353276Z",
	"updated_at": "2026-04-10T03:32:24.171061Z",
	"deleted_at": null,
	"sha1_hash": "b22baf4785c81bd6b01e261f246531f0bfc37a4f",
	"title": "APT3 is Boyusec, a Chinese Intelligence Contractor",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 396348,
	"plain_text": "APT3 is Boyusec, a Chinese Intelligence Contractor\r\nBy intrusiontruth\r\nPublished: 2017-05-09 · Archived: 2026-04-05 16:17:02 UTC\r\nIn our last three posts we introduced you to APT3 and identified two individuals responsible for purchasing their\r\ndomain names – Wu Yingzhuo and Dong Hao. An IP addresses in Guangdong, China was associated with some of\r\nthe domains.\r\nBoth individuals have a long history of purchasing APT3 infrastructure. Who do they work for and where do their\r\norders come from?\r\nBoyusec\r\nWell, the answers to those questions are reasonably easy to find. Wu Yingzhuo (吴颖卓) and Dong Hao (董浩) are\r\nboth shareholders in the same company.\r\nThis listing is for a Chinese cyber security firm called 博御信息 (or Boyusec – the Guangzhou Boyu Information\r\nTechnology Company, Ltd) that was licensed in December 2013 and is based in Guangdong. It lists both 吴颖卓\r\nand 董浩 as major shareholders.\r\nhttps://intrusiontruth.wordpress.com/2017/05/09/apt3-is-boyusec-a-chinese-intelligence-contractor/\r\nPage 1 of 3\n\nCompany listing showing 吴颖桌 and 董浩 as shareholders of Boyusec\r\nThe Ministry of State Security\r\nOn the 29th of November 2016, freebeacon.com reported that Pentagon intelligence officials had identified\r\nBoyusec as being a contractor for the Chinese Ministry of State Security (MSS). The MSS is one of China’s\r\nIntelligence Services and is an active player in their Cyber programme.\r\nhttps://intrusiontruth.wordpress.com/2017/05/09/apt3-is-boyusec-a-chinese-intelligence-contractor/\r\nPage 2 of 3\n\nThe conclusion?\r\nEither a Chinese InfoSec company called Boyusec, known to be involved with Chinese Intelligence Cyber\r\noperations, has two shareholders with the same names as two apparant APT3 actors, or Boyusec is APT3.\r\nDiscover more from Intrusion Truth\r\nSubscribe to get the latest posts sent to your email.\r\nPost navigation\r\nSource: https://intrusiontruth.wordpress.com/2017/05/09/apt3-is-boyusec-a-chinese-intelligence-contractor/\r\nhttps://intrusiontruth.wordpress.com/2017/05/09/apt3-is-boyusec-a-chinese-intelligence-contractor/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"references": [
		"https://intrusiontruth.wordpress.com/2017/05/09/apt3-is-boyusec-a-chinese-intelligence-contractor/"
	],
	"report_names": [
		"apt3-is-boyusec-a-chinese-intelligence-contractor"
	],
	"threat_actors": [
		{
			"id": "13354d3f-3f40-44ec-b42a-3cda18809005",
			"created_at": "2022-10-25T15:50:23.275272Z",
			"updated_at": "2026-04-10T02:00:05.36519Z",
			"deleted_at": null,
			"main_name": "APT3",
			"aliases": [
				"APT3",
				"Gothic Panda",
				"Pirpi",
				"UPS Team",
				"Buckeye",
				"Threat Group-0110",
				"TG-0110"
			],
			"source_name": "MITRE:APT3",
			"tools": [
				"OSInfo",
				"schtasks",
				"PlugX",
				"LaZagne",
				"SHOTPUT",
				"RemoteCMD"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "761d1fb2-60e3-46f0-9f1c-c8a9715967d4",
			"created_at": "2023-01-06T13:46:38.269054Z",
			"updated_at": "2026-04-10T02:00:02.90356Z",
			"deleted_at": null,
			"main_name": "APT3",
			"aliases": [
				"GOTHIC PANDA",
				"TG-0110",
				"Buckeye",
				"Group 6",
				"Boyusec",
				"BORON",
				"BRONZE MAYFAIR",
				"Red Sylvan",
				"Brocade Typhoon"
			],
			"source_name": "MISPGALAXY:APT3",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "cf826655-5fcb-4331-bdc5-5ef267db9d3c",
			"created_at": "2025-08-07T02:03:24.631402Z",
			"updated_at": "2026-04-10T02:00:03.608938Z",
			"deleted_at": null,
			"main_name": "BRONZE MAYFAIR",
			"aliases": [
				"APT3 ",
				"Gothic Panda ",
				"Pirpi",
				"TG-0110 ",
				"UPSTeam"
			],
			"source_name": "Secureworks:BRONZE MAYFAIR",
			"tools": [
				"Cookiecutter",
				"HUC Proxy Malware (Htran)",
				"Pirpi",
				"PlugX",
				"SplitVPN",
				"UPS",
				"ctt",
				"ctx"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434605,
	"ts_updated_at": 1775791944,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b22baf4785c81bd6b01e261f246531f0bfc37a4f.pdf",
		"text": "https://archive.orkl.eu/b22baf4785c81bd6b01e261f246531f0bfc37a4f.txt",
		"img": "https://archive.orkl.eu/b22baf4785c81bd6b01e261f246531f0bfc37a4f.jpg"
	}
}