PULSE NAME
Breakingdown of Patchwork APT
WHITE PetrP.73 2025-09-30 Modified: 2025-09-30
11 IOCs, MEDIUM VOLUME
Patchwork APT, also referred to as Dropping Elephant, Monsoon, and Hangover Group, has been operational since at least 2015 with a primary focus on collecting political and military intelligence. This threat actor directs its efforts toward organizations in South and Southeast Asia, emphasizing its strategic targeting of critical sectors. A key characteristic of Patchwork APT is its persistence and adaptiveness; instead of creating new exploits, it often reuses and modifies existing malware and tools. This approach allows the group to operationalize threats more efficiently.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES: Protean
Indicators of Compromise (3 / 11 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-SHA256 | 2f329a1171d2c6b1471604bf76157b6487c3e59d21bf4a0856e29dc4ba8753cb | SHA256 of 8c342a5519400df4044e2ed75ea5a936 | 2025-09-30
FileHash-SHA256 | b7c1a2f05b74613f8ff47d40c0a8562121bfb97482421c4475355b9ccd53c866 | SHA256 of 92c13c07a4459bc5bae59bdea17284de | 2025-09-30
FileHash-SHA256 | d20d4e90de355c90f4d9a0b7b80cf1aa32fe8b9b7aba5db730cfdde16df43021 | SHA256 of dfbdd34e0e463bb2266cab599396aa02 | 2025-09-30