PULSE NAME
How BrickStorm Hid Inside Virtual Machines for Years
WHITE CODERED_VTA 2025-12-05 Modified: 2026-01-04
36 IOCs
MEDIUM VOLUME
The Cybersecurity and Infrastructure Security Agency (CISA) has released a report on the use of malware by Chinese state-sponsored cyber actors, which could lead to the release of a new report.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Sponsored Cyber BRICKSTORM Espionage JSON BRICKSTORM Response BRICKSTORM Stealthy
Indicators of Compromise (36)
TYPE INDICATOR DESCRIPTION CREATED
URL https://149.112.112.112/dns-query' 2025-12-05
URL https://45.90.28.160/dns-query' 2025-12-05
URL https://45.90.30.160/dns-query' 2025-12-05
URL https://9.9.9.11/dns-query' 2025-12-05
URL https://www.nviso.eu/blog/nviso-analyzes-brickstorm-espionage-backdoor 2025-12-05
email contact@cyber.gc.ca 2025-12-05
hostname www.nviso.eu 2025-12-05