Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting
Common Information
Type Value
UUID 6c84c007-deee-4fff-ba20-1f3df9b13178
Fingerprint b534b91ba8bb8681
Analysis status DONE
Considered CTI value 0
Text language
Published March 1, 2023, midnight
Added to db Oct. 15, 2024, 4:49 p.m.
Last updated Nov. 16, 2024, 8:03 p.m.
Headline Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting
Title Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting
Detected Hints/Tags/Attributes 106/2/33
Attributes