Salt Typhoon: A Persistent Threat to Global Telecommunications Infrastructure
Tags
Common Information
Type | Value |
---|---|
UUID | c4c25667-3dce-4463-8521-8a0b4d27e41a |
Fingerprint | b550991104b9ff01 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Dec. 20, 2024, 12:17 p.m. |
Added to db | Dec. 21, 2024, 3:40 a.m. |
Last updated | Dec. 24, 2024, 1:43 p.m. |
Headline | Salt Typhoon: A Persistent Threat to Global Telecommunications Infrastructure |
Title | Salt Typhoon: A Persistent Threat to Global Telecommunications Infrastructure |
Detected Hints/Tags/Attributes | 162/4/159 |
Source URLs
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 352 | ✔ | Resources-2 | https://www.picussecurity.com/resource/rss.xml | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | MITRE ATT&CK Techniques | 743 | T1059 | |
Details | MITRE ATT&CK Techniques | 581 | T1112 | |
Details | MITRE ATT&CK Techniques | 193 | T1543.003 | |
Details | MITRE ATT&CK Techniques | 222 | T1068 | |
Details | MITRE ATT&CK Techniques | 343 | T1078 | |
Details | MITRE ATT&CK Techniques | 301 | T1053.005 | |
Details | MITRE ATT&CK Techniques | 246 | T1574.002 | |
Details | MITRE ATT&CK Techniques | 680 | T1027 | |
Details | MITRE ATT&CK Techniques | 49 | T1027.005 | |
Details | MITRE ATT&CK Techniques | 179 | T1021 | |
Details | MITRE ATT&CK Techniques | 76 | T1003.003 | |
Details | MITRE ATT&CK Techniques | 562 | T1005 | |
Details | MITRE ATT&CK Techniques | 459 | T1041 | |
Details | MITRE ATT&CK Techniques | 38 | T1090.001 | |
Details | Url | 2 | https://api.anonfiles.com/upload | |
Details | Url | 1 | https://thediplomat.com/2024/12/salt-typhoon-chinas-attack-on-us-telecommunications-networks/. | |
Details | Url | 1 | https://www.darkreading.com/application-security/salt-typhoon-malware-arsenal-ghostspider. | |
Details | Url | 1 | https://www.trendmicro.com/en_nl/research/24/k/earth-estries.html | |
Details | Url | 1 | https://cybersecuritynews.com/chinese-apt-attacking-telecoms/. | |
Details | Url | 1 | https://www.trendmicro.com/en_us/research/24/k/breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html | |
Details | Url | 2 | https://www.bleepingcomputer.com/news/security/salt-typhoon-hackers-backdoor-telcos-with-new-ghostspider-malware/. | |
Details | Url | 1 | https://www.theregister.com/2024/10/07/verizon_att_lumen_salt_typhoon/. | |
Details | Url | 1 | https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b | |
Details | Url | 1 | https://fieldeffect.com/blog/salt-typhoon-unleashes-ghostspider-on-telecoms. | |
Details | CVE | 55 | cve-2023-46805 | |
Details | CVE | 71 | cve-2024-21887 | |
Details | CVE | 46 | cve-2023-48788 | |
Details | CVE | 39 | cve-2022-3236 | |
Details | CVE | 223 | cve-2021-26855 | |
Details | CVE | 111 | cve-2021-26857 | |
Details | CVE | 113 | cve-2021-26858 | |
Details | CVE | 155 | cve-2021-27065 | |
Details | Domain | 2 | go4.cab | |
Details | Domain | 2 | api.anonfiles.com | |
Details | Domain | 14 | thediplomat.com | |
Details | Domain | 162 | www.darkreading.com | |
Details | Domain | 641 | www.trendmicro.com | |
Details | Domain | 41 | cybersecuritynews.com | |
Details | Domain | 88 | www.theregister.com | |
Details | Domain | 45 | www.wsj.com | |
Details | Domain | 5 | fieldeffect.com | |
Details | Domain | 1 | www.dmnews.com | |
Details | Domain | 9 | www.t-mobile.com | |
Details | File | 2 | c:\program files\qlogic corporation\nqagent\netqlremote.exe | |
Details | File | 437 | c:\windows\system32\cmd.exe | |
Details | File | 2 | go4.cab | |
Details | File | 16 | tomcat6.exe | |
Details | File | 1 | 182.bat | |
Details | File | 2337 | cmd.exe | |
Details | File | 2 | c:\programdata\microsoft\drm\182.bat | |
Details | File | 102 | rar.exe | |
Details | File | 2 | c:\users\public\music\rar.exe | |
Details | File | 2 | c:\users\public\music\pdf0412.rar | |
Details | File | 1 | c:\path\to\malicious-crowdoor.exe | |
Details | File | 306 | msiexec.exe | |
Details | File | 2 | c:\programdata\vmware\vmvssrv.exe | |
Details | File | 25 | msseces.exe | |
Details | File | 1102 | rundll32.exe | |
Details | File | 10 | vmtools.exe | |
Details | File | 52 | c:\\windows\\system32\\cmd.exe | |
Details | File | 12 | vmtools.dll | |
Details | File | 2 | c:\windows\ime\out1.tmp | |
Details | File | 2 | earth-estries.html | |
Details | File | 1 | breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html | |
Details | File | 3 | earth-estries-targets-government-tech-for-cyberespionage.html | |
Details | Mandiant Uncategorized Groups | 32 | UNC2286 | |
Details | MITRE ATT&CK Techniques | 593 | T1190 | |
Details | Url | 1 | https://www.dmnews.com/chinese-hacking-group-targets-telecom-networks/. | |
Details | Url | 1 | https://www.bleepingcomputer.com/news/security/chinese-hackers-breached-t-mobiles-routers-to-scope-out-network/. | |
Details | Url | 1 | https://www.t-mobile.com/news/un-carrier/update-cyberattacks-targeting-us-wireless-companies. | |
Details | Url | 1 | https://www.trendmicro.com/en_in/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html | |
Details | Windows Registry Key | 200 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run | |