PULSE NAME
IOC - Analysis of StreamSpy, a new trojan used by Patchwork (摩诃草, APT-Q-36) that communicates over WebSocket
WHITE celestre 2025-12-03 Modified: 2025-12-03
Patchwork, also known as 摩诃草, White Elephant (白象), Hangover, Dropping Elephant and other names, is tracked internally by QiAnXin as APT-Q-36. The group is widely assessed to have a South Asian background; its earliest attack activity dates back to November 2009, and it has remained active for more than 10 years. The group mainly conducts cyber-espionage against countries in Asia, targeting organizations in the government, military, electric power, industrial, scientific research and education, diplomatic and economic sectors.
Indicators of Compromise (45)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-MD5 0fe90212062957a529cba3938613c4da 2025-12-03
FileHash-MD5 1c335be51fc637b50d41533f3bef2251 2025-12-03
FileHash-MD5 20c9ac59c444625a7ee364b410da8f11 2025-12-03
FileHash-MD5 838e4d85346001dd04e11359b04c7c24 2025-12-03
FileHash-MD5 c3c277cca23f3753721435da80cad1ea 2025-12-03
FileHash-MD5 df626ce2ad3d3dea415984a9d3839373 2025-12-03
FileHash-MD5 e0ac399cff3069104623cc38395bd946 2025-12-03
FileHash-MD5 e4a7a85feff6364772cf1d12d8153a69 2025-12-03
FileHash-MD5 f78fd7e4d92743ef6026de98291e8dee 2025-12-03
FileHash-SHA1 02dd360d10d091b3985b0d21b559b15b834fd066 SHA1 of 20c9ac59c444625a7ee364b410da8f11 2025-12-03
FileHash-SHA1 0559c07b81a6816a816d461c6b2e292a9291f139 SHA1 of f78fd7e4d92743ef6026de98291e8dee 2025-12-03
FileHash-SHA1 2f09d4bec51ae223b3e4b93313f3566dc93a84d9 SHA1 of 0fe90212062957a529cba3938613c4da 2025-12-03
FileHash-SHA1 3721f0e042ecddc713e8899a34b873c9950e0995 SHA1 of 838e4d85346001dd04e11359b04c7c24 2025-12-03
FileHash-SHA1 bd924b5c3d21a93442e02c2934c2ee3b53bc113b SHA1 of df626ce2ad3d3dea415984a9d3839373 2025-12-03
FileHash-SHA1 ce414a048da1d518e5a14ad6568b748ba77353cd SHA1 of 1c335be51fc637b50d41533f3bef2251 2025-12-03
FileHash-SHA256 331e7af55dc9e985a7918926b308ca3c24b1c47257c187de6481354c96f95b1e SHA256 of df626ce2ad3d3dea415984a9d3839373 2025-12-03
FileHash-SHA256 3a4f47c60edf1e00adb3ca60a7643062657fe2c6dd85ace9dfd8fdec47078d4e SHA256 of f78fd7e4d92743ef6026de98291e8dee 2025-12-03
FileHash-SHA256 6c4c388acbd9790526cc7e8c567e430540436da94c6febe0766a1bdc39016da7 SHA256 of 838e4d85346001dd04e11359b04c7c24 2025-12-03
FileHash-SHA256 9e4ba7cb08868ec0f88e6f3cd6e95c8e377f4f821860380d7ff2ea61347c2d0b SHA256 of 0fe90212062957a529cba3938613c4da 2025-12-03
FileHash-SHA256 dbe909b6c6c03b4000d96de1f4b1bdd10eef8ef34876a648a00cd5ee7117bd31 SHA256 of 1c335be51fc637b50d41533f3bef2251 2025-12-03
FileHash-SHA256 dc297aded70b0692ad0a24509e7bbec210bc0a1c7a105e99e1a8f76e3861ad34 SHA256 of 20c9ac59c444625a7ee364b410da8f11 2025-12-03
URL http://adobefileshare.com/download 2025-12-03
URL http://adobefileshare.com/getData 2025-12-03
URL http://adobefileshare.com/getfilename 2025-12-03
URL http://azureinternalupdates.com/download 2025-12-03
URL http://azureinternalupdates.com/getData 2025-12-03
URL http://azureinternalupdates.com/getfilename 2025-12-03
URL http://www.mydropboxbackup.com/analytics/stream 2025-12-03
URL http://www.virtualworldsapinner.com/insights/stream 2025-12-03
URL http://www.virtualworldsapinner.com/metrics/stream 2025-12-03
URL https://brityservice.info/ZxStpliGBsfdutMawer/lkhgBrPUyXbgIlErAStyilzsh/N1/SA 2025-12-03
URL https://brityservice.info/ZxStpliGBsfdutMawer/sIOklbgrTYULKcsdGBZxsfetmw 2025-12-03
URL https://scrollzshare.info/eeCetyUo8Tr 2025-12-03
URL https://www.mydropboxbackup.com/analytics/ 2025-12-03
URL https://www.virtualworldsapinner.com/insights/ 2025-12-03
URL https://www.virtualworldsapinner.com/metrics/ 2025-12-03
domain adobefileshare.com 2025-12-03
domain azureinternalupdates.com 2025-12-03
domain brityservice.info 2025-12-03
domain firebasescloudemail.com 2025-12-03
domain mydropboxbackup.com 2025-12-03
domain scrollzshare.info 2025-12-03
domain virtualworldsapinner.com 2025-12-03
hostname www.mydropboxbackup.com 2025-12-03
hostname www.virtualworldsapinner.com 2025-12-03