ioc[.]one - OSINT Cyber Threat Intelligence Database

Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware

Tags

country:

Australia Malaysia Chile China Hong Kong India Indonesia Pakistan Japan South Korea Thailand Mexico Singapore Vietnam Taiwan United Kingdom United States Of America

attack-pattern:

Credentials - T1589.001 Exploits - T1587.004 Exploits - T1588.005 Installutil - T1218.004 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Web Shell - T1505.003 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Installutil - T1118 Powershell - T1086 Scheduled Task - T1053 Web Shell - T1100

Show in Graph

Common Information

Type	Value
UUID	93288686-d972-480b-aa58-f5efdc20e122
Fingerprint	8781919180e598f0
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 9, 2021, midnight
Added to db	Sept. 11, 2022, 12:43 p.m.
Last updated	Nov. 17, 2024, 10:40 p.m.
Headline	Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware
Title	Grayfly: Chinese Threat Actor Uses Newly-discovered Sidewalk Malware
Detected Hints/Tags/Attributes	88/2/15

Source URLs

	Redirection	Url
Details	Source	https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/grayfly-china-sidewalk-malware

URL Provider

Details	Provider	Source level domain
Details	security.com	symantec-enterprise-blogs.security.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	285		microsoft.net
Details	File	1		c:\windows\temp\importcontactlist_-.aspx
Details	File	1		c:\windows\temp\importcontactlist.aspx
Details	File	83		installutil.exe
Details	File	1		webapi.config
Details	File	2126		cmd.exe
Details	File	1		c:\users\public\schtask.bat
Details	File	1		ulsassx64.exe
Details	sha256	1		b3eb783b017da32e33d19670b39eae0b11de8e983891dd4feb873d6e9333608d
Details	sha256	1		1b5b37790b2029902d2d6db2da20da4d0d7846b20e32434f01b2d384eba0eded
Details	sha256	1		b732bba813c06c1c92975b34eda400a84b5cc54a460eeca309dfecbe9b559bd4
Details	sha256	2		04f6fc49da69838f5b511d8f996dc409a53249099bd71b3c897b98ad97fd867c
Details	sha256	1		25a7c1f94822dc61211de253ff0a5805a0eb83921126732a0d52b1f1967cf079
Details	IPv4	1		172.16.140.234
Details	Threat Actor Identifier - APT	522		APT41