PULSE NAME
UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud
WHITE UAT-8099 Tr1sa111 2025-10-06 Modified: 2025-11-01
Indicators of Compromise (80)