Suspected China-based threat actor
· Published 21/12/2025 08:19 · Modified 21/12/2025 08:19
· Source: AlienVault
Essential information
- Confidence
- 100/100
- Published
- 21/12/2025 08:19
- Modified
- 21/12/2025 08:19
- Updated at
- 21/12/2025 08:19
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 1 reports, 10 attack patterns (mitre), 1 countries, 12 indicators
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (1)
-
10 MITREs 13 Observables 1 APT
Attack patterns (MITRE) (10)
-
T1518 usesSoftware Discovery MITRE
-
T1114 usesEmail Collection MITRE
-
T1187 usesForced Authentication MITRE
-
T1486 usesData Encrypted for Impact MITRE
-
T1210 usesExploitation of Remote Services MITRE
-
T1059 usesCommand and Scripting Interpreter MITRE
-
T1003 usesOS Credential Dumping MITRE
-
T1012 usesQuery Registry MITRE
-
T1207 MITRE
-
T1558 MITRE
Countries (1)
-
China targets
Indicators (12)
-
d32cc7b31a6f98c60abc313abc7d1143681f72de2bb2604711a0ba20710caaaeindicates -
http://149.28.154.23:443/vmtools.exe'indicates -
stix 100/100 Revoked· Valid until 03/12/2025 · Source: AlienVault
-
23221b6f95b9e3b165a84570212f2c8681cf888aa0fa78822f8500357eeafaf0indicates -
86fd8328765e4803feedf5878a08c149c08d47c336578261a08a3e1933b68daaindicates -
51fe904458e216e75909f82a33dc4f163250b498b4e2d365880184e806d3db1aindicates -
http://149.28.154.23:443/rar.exe'indicates -
stix 100/100 Revoked· Valid until 10/10/2025 · Source: AlienVault
-
472a513eb60cba4a2320ebbc10d84679ebaa1a8f90e5a3764902a456b3936a17indicates -
f2fa6ae29306ed7171f2e9563ced9bbd6e337ed8c389b319df3c6b46eeb050f0indicates -
http://149.28.154.23:443indicates -
ff91bbe7bd4e6d5498b1332f0ad233dcf0ad5fc0d31f870a92142731354d739cindicates