← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - 摩诃草(APT-Q-36)利用 WebSocket 的新木马 StreamSpy 分析
WHITE celestre 2025-12-03 Modified: 2025-12-03
45
IOCs
MEDIUM VOLUME
摩诃草,又名 Patchwork、白象、Hangover、Dropping Elephant 等,奇安信内部跟踪编号 APT-Q-36。该组织被普遍认为具有南亚地区背景,其最早攻击活动可追溯到 2009 年 11 月,已持续活跃 10 余年。该组织主要针对亚洲地区的国家进行网络间谍活动,攻击目标包括政府、军事、电力、工业、科研教育、外交和经济等领域的组织机构。
streamspyspyder
Indicators of Compromise (6 / 45 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA1 02dd360d10d091b3985b0d21b559b15b834fd066 SHA1 of 20c9ac59c444625a7ee364b410da8f11 2025-12-03
FileHash-SHA1 0559c07b81a6816a816d461c6b2e292a9291f139 SHA1 of f78fd7e4d92743ef6026de98291e8dee 2025-12-03
FileHash-SHA1 2f09d4bec51ae223b3e4b93313f3566dc93a84d9 SHA1 of 0fe90212062957a529cba3938613c4da 2025-12-03
FileHash-SHA1 3721f0e042ecddc713e8899a34b873c9950e0995 SHA1 of 838e4d85346001dd04e11359b04c7c24 2025-12-03
FileHash-SHA1 bd924b5c3d21a93442e02c2934c2ee3b53bc113b SHA1 of df626ce2ad3d3dea415984a9d3839373 2025-12-03
FileHash-SHA1 ce414a048da1d518e5a14ad6568b748ba77353cd SHA1 of 1c335be51fc637b50d41533f3bef2251 2025-12-03
References (1)
↗ https://www.ctfiot.com/284804.html