Patchwork cyberespionage group expands targets from governments to wide range of industries
WHITE Dropping Elephant AlienVault 2016-07-26 Modified: 2017-08-24
The Patchwork attack group has been targeting more than just government-associated organizations. Our research into the group found that it’s been attacking a broad range of industries, including aviation, broadcasting, and finance, to drop back door Trojans. While most of the interest still lies in the public sector, more recent attacks were found targeting the following industries: Aviation, Broadcasting, Energy, Financial, Non-governmental organizations (NGO), Pharmaceutical, Public sector, Publishing, Software
Indicators of Compromise (66)
TYPE INDICATOR DESCRIPTION CREATED
CVE CVE-2012-0158 2017-08-24
CVE CVE-2014-4114 2017-08-24
CVE CVE-2015-1641 2017-08-24