Pulse Detail — Threat Intelligence

PULSE NAME

How BrickStorm Hid Inside Virtual Machines for Years

WHITE CODERED_VTA 2025-12-05 Modified: 2026-01-04

IOCs

MEDIUM VOLUME

The CISA cybersecurity and Infrastructure Security Agency (CISA) has released a report on the use of malware by Chinese state-sponsored cyber actors, which could lead to the release of a new report.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1003 T1021 T1036 T1037 T1041 T1071 T1078 T1083 T1090 T1105 T1505 T1548 T1574 T1531 T1080 T1140 T1106 T1547 T1573 T1059 T1027 T1095

MALWARE FAMILIES

Sponsored Cyber BRICKSTORM Espionage JSON BRICKSTORM Response BRICKSTORM Stealthy

Indicators of Compromise (8 / 36 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	0a4fa52803a389311a9ddc49b7b19138	—	2025-12-05
FileHash-MD5	18f895e24fe1181bb559215ff9cf6ce3	—	2025-12-05
FileHash-MD5	39111508bfde89ce6e0fe6abe0365552	—	2025-12-05
FileHash-MD5	82bf31e7d768e6d4d3bc7c8c8ef2b358	—	2025-12-05
FileHash-MD5	8e4c88d00b6eb46229a1ed7001451320	—	2025-12-05
FileHash-MD5	a02469742f7b0bc9a8ab5e26822b3fa8	—	2025-12-05
FileHash-MD5	a52e36a70b5e0307cbcaa5fd7c97882c	—	2025-12-05
FileHash-MD5	dbca28ad420408850a94d5c325183b28	—	2025-12-05

References (1)

↗ https://www.cisa.gov/news-events/analysis-reports/ar25-338a