{
	"id": "1246a004-3555-4142-b25d-df18cc181497",
	"created_at": "2026-04-06T15:52:36.76207Z",
	"updated_at": "2026-04-10T03:29:24.058443Z",
	"deleted_at": null,
	"sha1_hash": "d9e8d43b0b8276f8076e92fd2ac28d3888d69fb1",
	"title": "Broadcom Community - VMTN, Mainframe, Symantec, Carbon Black",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 64944,
	"plain_text": "Broadcom Community - VMTN, Mainframe, Symantec, Carbon\r\nBlack\r\nBy Teddy Jewell\r\nArchived: 2026-04-06 15:40:58 UTC\r\nMap Your Next Move at VMware Explore\r\nJoin peers and leaders at the essential cloud event for IT professionals.\r\nLearn More\r\nMap Your Next Move at VMware Explore\r\nJoin peers and leaders at the essential cloud event for IT professionals.\r\nLearn More\r\nWelcome to the Broadcom Community\r\nFind Your Communities\r\nOur communities are designed by division, as you can see below. Visit each division's homepage for a list of\r\nproduct communities under each division. From there, click on the communities you're interested in, choose \"Join\r\nCommunity,\" and select your notification settings. It's that simple. Join as many as you'd like.\r\nRegister Here\r\nPlease note: Your first post to any of our communities will be placed in a moderation queue for review to\r\nhelp us prevent spammers from posting unwanted content. Our community managers closely monitor this\r\nmoderation queue, and once your first post is approved, your posts will no longer go through moderation. Please\r\ndo not submit the same post multiple times.\r\nCheck Out Our Events\r\nLooking for product roadmap webcasts, technical sessions, user group meetings, conferences, and workshops?\r\nCheck out our events calendars:\r\nApplication Networking and Security\r\nCarbon Black\r\nEnterprise Software Events\r\nMainframe Software Events\r\nSymantec Enterprise Events\r\nhttp://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries\r\nPage 1 of 4\n\nTanzu\r\nVMware Cloud Foundation\r\nVMware Events\r\nLatest Discussions\r\nPosted in: Fusion\r\nFrom what you posted, it appears that removing the /private/var/db/KernelExtensionManagement folder\r\nwas not necessary since the initial problem was limited to one VM. Removing that folder may have\r\ntriggered a macOS 10.13 issue that does not restore proper ...\r\nThe documentation says: Load dependent On the Agent with the lowest workload in the group according to\r\nthe data delivered by the resources allocation. The following is taken into consideration: Preference is\r\ngiven to Agents without resource ...\r\nRecent Blogs\r\nPosted in: CloudHealth\r\nFresh From the Labs: CloudHealth Product Updates March ...\r\nUpcoming Events\r\nTuesday\r\n7\r\nApril\r\nTuesday\r\nhttp://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries\r\nPage 2 of 4\n\n7\r\nApril\r\nTuesday\r\n7\r\nApril\r\nTuesday\r\n7\r\nApril\r\nEngagement Leaderboard\r\nMonthly\r\nWeekly\r\nAll Time\r\n1605 Points\r\n1048 Points\r\n531 Points\r\n412 Points\r\n602 Points\r\nhttp://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries\r\nPage 3 of 4\n\n301 Points\r\n267 Points\r\n256 Points\r\n748982 Points\r\n579429 Points\r\n569757 Points\r\n369835 Points\r\nSource: http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries\r\nhttp://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries"
	],
	"report_names": [
		"patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries"
	],
	"threat_actors": [
		{
			"id": "bbf66d2d-3d20-4026-a2b5-56b31eb65de4",
			"created_at": "2025-08-07T02:03:25.123407Z",
			"updated_at": "2026-04-10T02:00:03.668131Z",
			"deleted_at": null,
			"main_name": "ZINC EMERSON",
			"aliases": [
				"Confucius ",
				"Dropping Elephant ",
				"EHDevel ",
				"Manul ",
				"Monsoon ",
				"Operation Hangover ",
				"Patchwork ",
				"TG-4410 ",
				"Viceroy Tiger "
			],
			"source_name": "Secureworks:ZINC EMERSON",
			"tools": [
				"Enlighten Infostealer",
				"Hanove",
				"Mac OS X KitM Spyware",
				"Proyecto2",
				"YTY Backdoor"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "7ea1e0de-53b9-4059-802f-485884180701",
			"created_at": "2022-10-25T16:07:24.04846Z",
			"updated_at": "2026-04-10T02:00:04.84985Z",
			"deleted_at": null,
			"main_name": "Patchwork",
			"aliases": [
				"APT-C-09",
				"ATK 11",
				"Capricorn Organisation",
				"Chinastrats",
				"Dropping Elephant",
				"G0040",
				"Maha Grass",
				"Quilted Tiger",
				"TG-4410",
				"Thirsty Gemini",
				"Zinc Emerson"
			],
			"source_name": "ETDA:Patchwork",
			"tools": [
				"AndroRAT",
				"Artra Downloader",
				"ArtraDownloader",
				"AutoIt backdoor",
				"BADNEWS",
				"BIRDDOG",
				"Bahamut",
				"Bozok",
				"Bozok RAT",
				"Brute Ratel",
				"Brute Ratel C4",
				"CinaRAT",
				"Crypta",
				"ForeIT",
				"JakyllHyde",
				"Loki",
				"Loki.Rat",
				"LokiBot",
				"LokiPWS",
				"NDiskMonitor",
				"Nadrac",
				"PGoShell",
				"PowerSploit",
				"PubFantacy",
				"Quasar RAT",
				"QuasarRAT",
				"Ragnatela",
				"Ragnatela RAT",
				"SocksBot",
				"TINYTYPHON",
				"Unknown Logger",
				"WSCSPL",
				"Yggdrasil"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "c81067e0-9dcb-4e3f-abb0-80126519c5b6",
			"created_at": "2022-10-25T15:50:23.285448Z",
			"updated_at": "2026-04-10T02:00:05.282202Z",
			"deleted_at": null,
			"main_name": "Patchwork",
			"aliases": [
				"Hangover Group",
				"Dropping Elephant",
				"Chinastrats",
				"Operation Hangover"
			],
			"source_name": "MITRE:Patchwork",
			"tools": [
				"NDiskMonitor",
				"QuasarRAT",
				"BackConfig",
				"TINYTYPHON",
				"AutoIt backdoor",
				"PowerSploit",
				"BADNEWS",
				"Unknown Logger"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775490756,
	"ts_updated_at": 1775791764,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d9e8d43b0b8276f8076e92fd2ac28d3888d69fb1.pdf",
		"text": "https://archive.orkl.eu/d9e8d43b0b8276f8076e92fd2ac28d3888d69fb1.txt",
		"img": "https://archive.orkl.eu/d9e8d43b0b8276f8076e92fd2ac28d3888d69fb1.jpg"
	}
}