PULSE NAME
IOC - Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem | Google Cloud Blog
WHITE celestre 2025-11-19 Modified: 2025-12-19
14 IOCs, MEDIUM VOLUME
A new report from security firm Mandiant outlines the tactics and tools used by a group targeting the aerospace, aviation and defense industries in the Middle East in late 2023 to mid-2024.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
TWOSTROKE C++ DEEPROOT Linux Azure AD TRUSTTRAP DCSYNCER.SLICK LIGHTRAIL
Indicators of Compromise (14)