PULSE NAME
How BrickStorm Hid Inside Virtual Machines for Years
WHITE CODERED_VTA 2025-12-05 Modified: 2026-01-04
36 IOCs
MEDIUM VOLUME
The Cybersecurity and Infrastructure Security Agency (CISA) has released a report on the use of malware by Chinese state-sponsored cyber actors, which could lead to the release of a new report.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Sponsored Cyber BRICKSTORM Espionage JSON BRICKSTORM Response BRICKSTORM Stealthy
Indicators of Compromise (6 / 36 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| URL | https://149.112.112.112/dns-query' | | 2025-12-05 |
| URL | https://45.90.28.160/dns-query' | | 2025-12-05 |
| URL | https://45.90.30.160/dns-query' | | 2025-12-05 |
| URL | https://9.9.9.11/dns-query' | | 2025-12-05 |
| URL | https://www.nviso.eu/blog/nviso-analyzes-brickstorm-espionage-backdoor | | 2025-12-05 |
| URL | https://www.nviso.eu/blog/nviso-analyzes-brickstorm-espionage-backdoor. | | 2025-12-05 |