Trusted Design

Operation Iron Tiger

概要

Key individuals, who are believed to be part of a China-based attack group, have been stealing years of valuable government and corporate information from defense and high technology organizations in the US since 2013 and political and government-related entities in China, Hong Kong, and the Philippines since 2010. This shift in targets is highly notable for the active cyber espionage operation we dubbed as “Operation Iron Tiger.” We believe that the threat actors have simply moved up in the food chain and were assigned new, high-level targets to spy on–all as part of a bigger espionage campaign. US defense contractors were only fairly recent targets based on the operation’s history, which we traced to spear-phishing in 2010. “Foreign policy,” “future of the US Army Officer Corps,” and “economic development” are only a few of the keywords that threat actors have been using in spear-phishing attacks against directors and project managers of technology-inclined US government contractors.

Created: 2026-02-23

Indicators

• FileHash-SHA1 - 3bcd90785ff5883bc460a74eca3bf9033a542335 -
• FileHash-SHA1 - 396af3ae018a9e251a832cce8aae1bcaa11cdc05 -
• FileHash-SHA1 - d72ef43059ad0d5b4fc1e218e5257439ac006308 -
• hostname - phpxss.lofter.com -
• YARA - b7dba0567833c59c1754c154c080224186bcb5ba -
• FileHash-SHA1 - 45ff712ae34512a9ac70060cec62a9b85f62804b -
• FileHash-SHA256 - 3be95477e1d9f3877b4355cff3fbcdd3589bb7f6349fd4ba6451e1e9d32b7fa6 -
• YARA - 5f3faad50cc56ca2aed3fab74c5d39cedbe3651c -
• domain - gtalklite.com -
• FileHash-SHA1 - 8c8f12ae866c38931e19d67fadc19bd18aaf0865 -
• YARA - 8b8d1a6ea21ae9e4397e6d76b47c31188c789b75 -
• FileHash-SHA1 - 9484bb1b1c0e39355a66b20fc361846ce1f063e0 -
• YARA - dd53aa20d5c8f0f9dd91674c56c99ba1d6b1f80a -
• YARA - cf31f66bcea941218ee452de48398dab13e1305b -
• YARA - fd668b90a9024eee1c9018370cac063cc550d7b6 -
• FileHash-SHA1 - 6bcd525bb425dbb7fbc79dd6a605fac8f925b0cb -
• FileHash-SHA1 - 126a5972a0f6b0a5b0a2b52d7d848e8a9824f562 -
• YARA - 60bf64a8af4d82d102e61b5c74bab0468d40c5cb -
• FileHash-SHA1 - eeec12cb0dcc7c77a4ecee9facd2ccc1f3e2d93c -
• FileHash-SHA256 - a89c21dd608c51c4bf0323d640f816e464578510389f9edcf04cd34090decc91 -
• FileHash-SHA1 - 7875ec1ffad546476defe5ad3e87930e7fa7ba95 -
• YARA - 2709d92b5599f69a8628e70c22c387bdb7f86db2 -
• FileHash-SHA1 - ec0c179903e413490cec41c522ba612737d38c4a -
• FileHash-SHA1 - b27277142f4b4f71a757630a730314daae9ecfeb -
• FileHash-SHA1 - d3fb95d0eeccd99c475c6b985a6c911bed69f50d -
• FileHash-SHA1 - 7b34f24703b5415bc46fdab3801ac79e3e82242a -
• CVE - CVE-2008-1436 -
• YARA - 4c25bc00ebe9e5e1ecaf16c5584e06ce3beebb4e -
• YARA - 3b59f2b53dd142e8e254736bd9a789cffa7956e0 -
• FileHash-SHA1 - 08afa64b23288c0414b379cb4e67c1a8dabea033 -
• YARA - 3207bb9b1f6184b5c8c431091ec54bff2a91b681 -
• YARA - 31fefcd742babf146b115f9f718e092c6ae90eca -
• hostname - pi.mai1.info -
• FileHash-SHA1 - 75f098d6b3f217aba4c068b12896c332216fc6b3 -
• YARA - b19f7090445b4677f8a0b106d416bd4799a94b26 -
• FileHash-SHA256 - 7903f94730a8508e9b272b3b56899b49736740cea5037ea7dbb4e690bcaf00e7 -
• FileHash-SHA1 - 0ad2796b1312af4db975a3978ede19e939e42846 -
• YARA - 74e9ad866a7e79b1056a6bb56852f23e30fda75a -
• FileHash-SHA1 - 4df17c9e64f7277538141e384d4a372c60787f1a -
• YARA - 329aee4161d906a08ab8f4c80dc65d834b21a072 -
• FileHash-SHA1 - 11348a72a0864c6c455a535d5d7bde2997270266 -
• YARA - 3b3b1761c034172a982a3cdd933efaa6c0e6934b -
• FileHash-SHA1 - b9f67198ffa311aecb85e9914cdd96d99ecbdf3c -
• YARA - 9a7198c25ef894746896ba4799f921c5f29578f2 -
• FileHash-SHA1 - 50d2fef4e680072441084053773350d9ba60cac6 -
• hostname - gameofthrones.ddns.net -
• FileHash-SHA1 - 1f8dec3ea9b25de862a11b4d807f0d8de00c7972 -
• FileHash-SHA1 - afce5e56fc9bd1774d0cbbab1df205d0152fc632 -
• YARA - 0f0e485ba0a2ecc5dad45107aa67255c3bbd0c2d -
• FileHash-SHA256 - a0cee5822ddf254c254a5a0b7372c9d2b46b088a254a1208cb32f5fe7eca848a -
• YARA - 0d6fbc1b8c7f66c1b41dcc8a7c2d149afd937bab -
• YARA - 742a6086beeb0a53b3adbc163eedb74c8e476800 -
• FileHash-SHA256 - a08db49e198068709b7e52f16d00a10d72b4d26562c0d82b4544f8b0fb259431 -
• YARA - 885b3458b89246705e08f57fab6333959341d87c -
• FileHash-SHA256 - 0d6da946026154416f49df2283252d01ecfb0c41c27ef3bc79029483adc2240c -
• YARA - 60172061fbe43e657243161f4043d7990a5ec95f -
• hostname - xssok.blogspot.com -
• YARA - 070be7338df67a96e1a0a1cb0dd30a122b65c462 -
• FileHash-SHA256 - 5cd2af844e718570ae7ba9773a9075738c0b3b75c65909437c43201ce596a742 -
• FileHash-SHA1 - 5b638171811412b570ed500803ceca5ed85580ff -
• URL - http://user.qzone.qq.com/1479457083 -
• YARA - c0e25dad74c05773862772d5262424c1f4e3f0df -
• YARA - 03e124666c03ed1c02ada09befb54ff8c9fa08f0 -
• FileHash-SHA1 - c3f5d5d52890fe72bd2fc4c08aaf538da73016d7 -
• FileHash-SHA1 - 96d6a67227a6d650ab8c5465cb4b091217e75a5f -

類似Pulses

• Stealthy Cyberespionage Campaign Attacks With Social Engineering (score: 0.64)
• The Spy Kittens Are Back: Rocket Kitten 2 (score: 0.64)
• Chinese Actors attacks on US Government and EU Media (score: 0.63)
• SPEAR: A Threat Actor Resurfaces (score: 0.63)
• PROJECT CAMERASHY: CLOSING THE APERTURE ON CHINA’S UNIT 78020 (score: 0.63)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る