ioc[.]one - OSINT Cyber Threat Intelligence Database

Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors

Tags

country:	China Japan Taiwan
attack-pattern:	Data Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Tool - T1588.002

Show in Graph

Common Information

Type	Value
UUID	efc2d4f6-c202-44ac-bd44-69d6efc55899
Fingerprint	94a409c18fff8271
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 29, 2020, midnight
Added to db	Sept. 11, 2022, 12:45 p.m.
Last updated	Nov. 17, 2024, 6:30 p.m.
Headline	Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors
Title	Palmerworm: Espionage Gang Targets the Media, Finance, and Other Sectors
Detected Hints/Tags/Attributes	42/2/32

Source URLs

	Redirection	Url
Details	Source	https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/palmerworm-blacktech-espionage-apt

URL Provider

Details	Provider	Source level domain
Details	security.com	symantec-enterprise-blogs.security.com

Attributes

Details	Type	#Events	Value
Details	Domain	1	asiainfo.hpcloudnews.com
Details	Domain	3	loop.microsoftmse.com
Details	File	14	backdoor.pl
Details	sha256	1	28ca0c218e14041b9f32a0b9a17d6ee5804e4ff52e9ef228a1f0f8b00ba24c11
Details	sha256	1	3277e3f370319f667170fc7333fc5e081a0a87cb85b928219b3b3caf7f1e549c
Details	sha256	1	35bd3c96abbf9e4da9f7a4433d72f90bfe230e3e897a7aaf6f3d54e9ff66a05a
Details	sha256	1	485d5af4ad86e9241abd824df7b3f7d658b1b77c7dcc3c9b74bfe1ddc074c87d
Details	sha256	1	4c05ee584530fd9622b9e3be555c9132fad961848ea215ecb0dd9430df7e4ed8
Details	sha256	1	50ba9a2235b9b67e16e6bd26ae042a958d065eb2c5273f07eee20ec86c58a653
Details	sha256	1	5818bfe75d73a92eb775fae3b876086a9e70e1e677b7c162b49fb8c1cc996788
Details	sha256	1	5a35672f293f8f586fa9cfac0b09c2c52a85d4e8bc77b1ed4d7c16c58fe97a81
Details	sha256	1	69d60562a8d69500e8cb47a48293894385743716e2214fd4e81682ab6ed1c46b
Details	sha256	1	6d40c289a154142cdd5298e345bcea30b13f26b9eddfe2d9634e71e1fb935fbe
Details	sha256	1	6f97022782d63c6cea53ad151c5b7e764e62533d8257e439033c0307437bfb2a
Details	sha256	1	73799d67d32a2b5554c39330e81e7c8069feaa56520e22a7fd0a52e8857c510c
Details	sha256	1	81a4b84700b5f4770b11a5fe30a8df42e5579fd622fd54143b3d2578df4b559d
Details	sha256	1	884cefccd5b3c3a219a176c0c614834b5b6676abbac1d1c98f39624fccc71bf9
Details	sha256	1	8cd6dfffc251f9571f7a82cca2eca09914c950f3b96aaaeaeaaeeac342f9b550
Details	sha256	1	8da532ea294cc2c99e02ce8513a15b108a7c49bd90f7001ce6148955304733cb
Details	sha256	1	9c436db49b27bed20b42157b50d8bdad414b12f01e2127718250565017a08d84
Details	sha256	1	9e3ecda0f8e23116e1e8f2853cf07837dd5bc0e2e4a70d927b37cfe4f6e69431
Details	sha256	1	a7f3b8afb963528b4821b6151d259cf05ae970bc4400b805f7713bd8a0902a42
Details	sha256	1	aa51b69d05741144d139b422c3b90fdf6d7d5a36dd6c7090c226a0fc155ada34
Details	sha256	1	b32ab70f3f441a775771d6c824d4526715460c0fd72a1dfdec8cd531aef5fabd
Details	sha256	1	d4d5c73c40f50cdef1500fca8329bc8f3f05f6e2ffda9c8feb9be1dcca6ccd31
Details	sha256	1	eed2ab9f2c09e47c7689204ad7f91e5aef3cb25a41ea524004a48bb7dc59f969
Details	sha256	1	f11e2146b4b7da69112f4681daca0c5ec18917acc4cf4f78d8bff7ac0b53e15c
Details	sha256	1	f21601686a2af1a312e0f99effa2c2755f872b693534dbe14f034fa23587ac0b
Details	IPv4	1	103.40.112.228
Details	IPv4	1	172.104.92.110
Details	IPv4	1	45.76.218.116
Details	IPv4	1	45.77.181.203