Teleboyi

Also known as: Teleboyi

Teleboyi is a threat actor reportedly based in China, associated with the PlugX RAT. TeamT5 identified a custom PlugX loader used by Teleboyi that employs a similar string decryption algorithm as seen in the McUtil.dll loader from Operation Harvest. While there are weak links to the dsqurey[.]com domain, the connection remains uncertain due to the domain’s registration history.

🌍 Country China

Introduction

Teleboyi is a threat actor reportedly based in China, associated with the PlugX RAT. TeamT5 identified a custom PlugX loader used by Teleboyi that employs a similar string decryption algorithm as seen in the McUtil.dll loader from Operation Harvest. While there are weak links to the dsqurey[.]com domain, the connection remains uncertain due to the domain’s registration history.

Activities and Tactics

Country of Origin: πŸ‡¨πŸ‡³ China

Notable Campaigns

Information pending cataloguing.

Tactics, Techniques, and Procedures (TTPs)

Information pending cataloguing.

Notable Indicators of Compromise (IOCs)

No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.

Malware and Tools

  • PlugX
  • China Chopper

Attribution and Evidence

Country of Origin: China Additional attribution information pending cataloguing.

References

References pending cataloguing.