← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Confucius Espionage: From Stealer to Backdoor
WHITE Confucius Tr1sa111 2025-10-06 Modified: 2025-10-06
26
IOCs
MEDIUM VOLUME
anondoorsouth asiapython backdoorpakistancyber-espionageobfuscationlnk fileswooperstealer
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
WooperStealer AnonDoor
Indicators of Compromise (26)
All FileHash-SHA256 URL domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 06b8f395fc6b4fda8d36482a4301a529c21c60c107cbe936e558aef9f56b84f6 2025-10-06
FileHash-SHA256 11391799ae242609304ef71b0efb571f11ac412488ba69d6efc54557447d022f 2025-10-06
FileHash-SHA256 13ca36012dd66a7fa2f97d8a9577a7e71d8d41345ef65bf3d24ea5ebbb7c5ce1 2025-10-06
FileHash-SHA256 24b06b5caad5b09729ccaffa5a43352afd2da2c29c3675b17cae975b7d2a1e62 2025-10-06
FileHash-SHA256 4206ab93ac9781c8367d8675292193625573c2aaacf8feeaddd5b0cc9136d2d1 2025-10-06
FileHash-SHA256 5a0dd2451a1661d12ab1e589124ff8ecd2c2ad55c8f35445ba9cf5e3215f977e 2025-10-06
FileHash-SHA256 8603b9fa8a6886861571fd8400d96a705eb6258821c6ebc679476d1b92dcd09e 2025-10-06
FileHash-SHA256 c91917ff2cc3b843cf9f65e5798cd2e668a93e09802daa50e55a842ba9e505de 2025-10-06
URL http://bloomwpp.info/JRC89.xn--kut;-ib7a 2025-10-06
URL http://bloomwpp.info/KM9XFY.xn--kut;curl-fq3d 2025-10-06
URL http://bloomwpp.info/WTBXX46.xn--kut;$j=$env:tmp-0y9h 2025-10-06
URL http://marshmellowflowerscar.info 2025-10-06
URL https://bloomwpp.info/DubjW967VGHD3ykdnhkdhn/dsdcrjhdeenidufoft.py 2025-10-06
URL https://bloomwpp.info/hjdfyebvghu.pyc 2025-10-06
URL https://bloomwpp.info/hjopjhfgda.ps1 2025-10-06
URL https://greenxeonsr.info/Jsdfwejhrg.rko 2025-10-06
URL https://petricgreen.info/BWN9ZAP.xn--rko;-ib7a 2025-10-06
URL https://petricgreen.info/RPXFD38WAPR7.xn--rko;$j=$env:tmp-0y9h 2025-10-06
domain bloomwpp.info 2025-10-06
domain cornfieldblue.info 2025-10-06
domain dropmicis.info 2025-10-06
domain greenxeonsr.info 2025-10-06
domain hauntedfishtree.info 2025-10-06
domain marshmellowflowerscar.info 2025-10-06
domain martkartout.info 2025-10-06
domain petricgreen.info 2025-10-06
References (1)
↗ https://www.fortinet.com/blog/threat-research/confucius-espionage-from-stealer-to-backdoor