PULSE NAME
Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea
WHITE Unfading Sea Haze AlienVault 2024-05-24 Modified: 2024-06-23
An investigation by Bitdefender Labs uncovered a previously unidentified cyber threat actor called Unfading Sea Haze. This group has systematically targeted high-level organizations across countries in the South China Sea region. The extensive analysis spanned several years, revealing their evolving tactics, malware arsenal, and ongoing persistence. The primary objective appears to be espionage, with a focus on data exfiltration and surveillance of military and government entities. Unfading Sea Haze employs a sophisticated array of custom malware tools, including variants of the Gh0st RAT family and techniques like DLL sideloading. Their recent shift towards modular, fileless payloads showcases their adaptability in evading detection.
Indicators of Compromise (122)