Pulse name: Hellsing APT
WHITE Hellsing AlienVault 2015-04-20 Modified: 2017-08-24
121 IOCs (high volume)
The Hellsing APT group is currently active in the APAC region, hitting targets mainly in the South China Sea area, with a focus on Malaysia, the Philippines and Indonesia. The group has a relatively small footprint compared to massive operations such as "Equation". Smaller groups can have the advantage of being able to stay under the radar for longer periods of time, which is what happened here.
Indicators of Compromise (121)
CVE CVE-2012-0158 2017-08-24