Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government
Tags
Common Information
| Type | Value |
|---|---|
| UUID | a2487941-dee2-4e4a-b38f-19885dcffa3b |
| Fingerprint | 35b474b98395c78d |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 5, 2024, 10 a.m. |
| Added to db | Oct. 17, 2024, 11:25 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government |
| Title | Operation Crimson Palace: Sophos threat hunting unveils multiple clusters of Chinese state-sponsored activity targeting Southeast Asian government |
| Detected Hints/Tags/Attributes | 103/2/21 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | message.ooguy.com |
|
| Details | Domain | 1 | speedtest.com |
|
| Details | Domain | 1 | googlespeedtest33.com |
|
| Details | Domain | 2 | vietsovspeedtest.com |
|
| Details | Domain | 2 | evnpowerspeedtest.com |
|
| Details | File | 11 | vmnat.exe |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 1 | instsrv.exe |
|
| Details | File | 3 | srvany.exe |
|
| Details | File | 41 | mscorsvw.exe |
|
| Details | File | 74 | mstsc.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | sslwnd64.exe |
|
| Details | File | 1 | 443.txt |
|
| Details | IPv4 | 3 | 198.13.47.158 |
|
| Details | Threat Actor Identifier - APT | 522 | APT41 |
|
| Details | Threat Actor Identifier - APT | 85 | APT15 |
|
| Details | Threat Actor Identifier by Sophos | 5 | STAC1248 |
|
| Details | Threat Actor Identifier by Sophos | 1 | STAC1807 |
|
| Details | Threat Actor Identifier by Sophos | 5 | STAC1305 |
|
| Details | Threat Actor Identifier by Sophos | 5 | STAC1870 |