ioc[.]one - OSINT Cyber Threat Intelligence Database

Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian Government Entities - Check Point Research

Tags

cmtmf-attack-pattern:	Data Encrypted
country:	Indonesia Thailand Vietnam U.S. Virgin Islands
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Dns - T1071.004 Dns - T1590.002 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Rundll32 - T1218.011 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Vulnerabilities - T1588.006 Connection Proxy - T1090 Data Encrypted - T1022 Rundll32 - T1085 Scheduled Task - T1053

Show in Graph

Common Information

Type	Value
UUID	e4739326-0596-40fe-aefd-2dd14b93f108
Fingerprint	bdb591b1e7b98c99
Analysis status	DONE
Considered CTI value	2
Text language
Published	March 7, 2023, 11:05 a.m.
Added to db	March 7, 2023, 1:22 p.m.
Last updated	Nov. 17, 2024, 6:55 p.m.
Headline	Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian Government Entities
Title	Pandas with a Soul: Chinese Espionage Attacks Against Southeast Asian Government Entities - Check Point Research
Detected Hints/Tags/Attributes	97/4/61

Source URLs

	Redirection	Url
Details	Source	https://research.checkpoint.com/2023/pandas-with-a-soul-chinese-espionage-attacks-against-southeast-asian-government-entities/

URL Provider

Details	Provider	Source level domain
Details	checkpoint.com	research.checkpoint.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	162	✔	—	https://media.cert.europa.eu/rss?type=category&id=APTFilter&language=en&duplicates=false	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	8	www.whatismyip.com
Details	Domain	3	office.oiqezet.com
Details	File	1018	rundll32.exe
Details	File	1122	svchost.exe
Details	File	55	msdtc.exe
Details	File	131	spoolsv.exe
Details	File	1204	index.php
Details	File	1	%systemroot%\system32\ikeext.dll
Details	File	28	wlbsctrl.dll
Details	File	2	req.dat
Details	md5	1	d2122d4f4cdf26faa1b2f73bda6030f4
Details	md5	19	d41d8cd98f00b204e9800998ecf8427e
Details	md5	4	5d41402abc4b2a76b9719d911017c592
Details	md5	1	7d793037a0760186574b0282f2f435e7
Details	sha256	2	d1a6c383de655f96e53812ee1dec87dd51992c4be28471e44d7dd558585312e0
Details	sha256	2	32a0f6276fea9fe5ee2ffda461494a24a5b1f163a300bc8edd3b33c9c6cc2d17
Details	sha256	2	ca7f297dc04acad2fab04d5dc2de9475aed4186805f6c237c10b8f56b384cf30
Details	sha256	3	341dee709285286bc5ba94d14d1bce8a6416cb93a054bd183b501552a17ef314
Details	sha256	2	9d628750295f5cde72f16da02c430b5476f6f47360d008911891fdb5b14a1a01
Details	sha256	2	811a020b0f0bb31494f7fbe21893594cd44d90f77fcd1f257925c4ac5fabed43
Details	sha256	2	b023e2b398d552aacb2233a6e08b4734c205ab6abf5382ec31e6d5aa7c71c1cb
Details	sha256	2	81d9e75d279a953789cbbe9ae62ce0ed625b61d123fef8ffe49323a04fecdb3f
Details	sha256	2	12c1a4c6406ff378e8673a20784c21fb997180cd333f4ef96ed4873530baa8d3
Details	sha256	2	f2779c63373e33fdbd001f336df36b01b0360cd6787c1cd29a6524cc7bcf1ffb
Details	sha256	2	7a7e519f82af8091b9ddd14e765357e8900522d422606aefda949270b9bf1a04
Details	sha256	2	4747e6a62fee668593ceebf62f441032f7999e00a0dfd758ea5105c1feb72225
Details	sha256	2	3541f3d15698711d022541fb222a157196b5c21be4f01c5645c6a161813e85eb
Details	sha256	2	0f9f85d41da21781933e33dddcc5f516c5ec07cc5b4cff53ba388467bc6ac3fd
Details	sha256	2	17f4a21e0e8c0ce958baf34e45a8b9481819b9b739f3e48c6ba9a6633cf85b0e
Details	sha256	2	f8622a502209c18055a308022629432d82f823dd449abd9b17c61e363a890828
Details	sha256	3	1a15a35065ec7c2217ca6a4354877e6a1de610861311174984232ba5ff749114
Details	sha256	2	065d399f6e84560e9c82831f9f2a2a43a7d853a27e922cc81d3bc5fcd1adfc56
Details	sha256	2	1e18314390302cd7181b710a03a456de821ad85334acfb55f535d311dd6b3d65
Details	sha256	2	c4500ad141c595d83f8dba52fa7a1456959fb0bc2ee6b0d0f687336f51e1c14e
Details	sha256	2	390e6820b2cc173cfd07bcebd67197c595f4705cda7489f4bc44c933ddcf8de6
Details	sha256	2	df5fe7ec6ecca27d3affc901cb06b27dc63de9ea8c97b87bc899a79eca951d60
Details	IPv4	2	103.159.132.96
Details	IPv4	295	8.8.8.8
Details	IPv4	13	114.114.114.114
Details	IPv4	2	45.76.190.210
Details	IPv4	2	45.197.132.68
Details	IPv4	4	45.197.133.23
Details	IPv4	2	103.78.242.11
Details	IPv4	2	103.173.154.168
Details	IPv4	2	103.213.247.48
Details	IPv4	2	139.180.137.73
Details	IPv4	2	139.180.138.49
Details	IPv4	2	152.32.243.17
Details	Threat Actor Identifier - APT	31	APT30
Details	Threat Actor Identifier by Recorded Future	5	TAG-16
Details	Url	1	http://103.159.132.96/index.php
Details	Url	4	https://www.whatismyip.com
Details	Windows Registry Key	1	HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\CONFIGEX
Details	Windows Registry Key	1	HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\Assemblies
Details	Windows Registry Key	1	HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
Details	Windows Registry Key	1	HKEY_CURRENT_USER\SOFTWARE\Software\Microsoft\CTF\CONFIGEX
Details	Windows Registry Key	1	HKEY_CURRENT_USER\SOFTWARE\Software\Microsoft\CTF\Assemblies
Details	Windows Registry Key	1	HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\SVIF
Details	Windows Registry Key	164	HKLM\SOFTWARE\Microsoft\Windows
Details	Windows Registry Key	2	HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation
Details	Windows Registry Key	1	HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF\UUID