Pulse Detail — Threat Intelligence

PULSE NAME

How BrickStorm Hid Inside Virtual Machines for Years

WHITE CODERED_VTA 2025-12-05 Modified: 2026-01-04

IOCs

MEDIUM VOLUME

The CISA cybersecurity and Infrastructure Security Agency (CISA) has released a report on the use of malware by Chinese state-sponsored cyber actors, which could lead to the release of a new report.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1003 T1021 T1036 T1037 T1041 T1071 T1078 T1083 T1090 T1105 T1505 T1548 T1574 T1531 T1080 T1140 T1106 T1547 T1573 T1059 T1027 T1095

MALWARE FAMILIES

Sponsored Cyber BRICKSTORM Espionage JSON BRICKSTORM Response BRICKSTORM Stealthy

Indicators of Compromise (8 / 36 total)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-SHA1	10d811029f6e5f58cd06143d6353d3b05bc06d0f	—	2025-12-05
FileHash-SHA1	44a3d3f15ef75d9294345462e1b82272b0d11985	—	2025-12-05
FileHash-SHA1	97001baaa379bcd83677dca7bc5b8048fdfaaddc	—	2025-12-05
FileHash-SHA1	9bf4c786ebd68c0181cfe3eb85d2fd202ed12c54	—	2025-12-05
FileHash-SHA1	c3549d4e5e39a11f609fc6fbf5cc1f2c0ec272b4	—	2025-12-05
FileHash-SHA1	de28546ec356c566cd8bca205101a733e9a4a22d	—	2025-12-05
FileHash-SHA1	f639d9404c03af86ce452db5c5e0c528b81dc0d7	—	2025-12-05
FileHash-SHA1	fb11c6caa4ea844942fe97f46d7eb42bc76911ab	—	2025-12-05

References (1)

↗ https://www.cisa.gov/news-events/analysis-reports/ar25-338a