IOC—Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats
WHITE celestre 2025-08-28 Modified: 2025-09-27
20 IOCs (medium volume)
In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities globally. GTIG assesses this was likely in support of cyber espionage operations aligned with the strategic interests of the People's Republic of China (PRC).
Indicators of Compromise (20)