Trusted Design

New Targeted Attack Group Buys BIFROSE Code, Works in Teams

概要

Recently, TrendMicro uncovered a new cyber-espionage attack by a well-funded and organized group targeting companies close to governments and in key industries mostly in Asia. These targets include privatized government agencies and government contractors, as well as companies in the consumer electronics, computer, healthcare, and financial industries. This group has been active since 2010. We dub this operation Shrouded Crossbow, after a mutex in a backdoor the group developed. Our research indicates that the group has sufficient financial resources to purchase the source code of a widely available malware tool, and the human resources to design improved versions of its own backdoors based on this.

Created: 2026-02-23

Indicators

• FileHash-SHA1 - e6a5e1018ea41c6c76f0d69cc4698f9912c889b7 -
• hostname - msnserver.ddns.us -
• FileHash-SHA1 - 2f3a1906b9d11b2d1ede44aa40f9e2426afdf637 -
• FileHash-SHA1 - c28e9f5e923713f84bfbb6608d2904e997e520b4 -
• FileHash-SHA1 - 8a1877929704ee62e54f6f819bfd15efbf15f212 -
• FileHash-SHA1 - 83d3bb544e0542dd9c4168350adef928e4205e69 -
• hostname - aptscans.microsoftmse.com -
• hostname - updateserver.serveruser.com -
• FileHash-SHA1 - 64eb9809de14a57d5aa557ee7678cb77096291ba -
• hostname - butterfly.xxuz.com -
• hostname - idonotknow.lflinkup.com -
• hostname - help.microsoftmse.com -
• hostname - nicelogpaser.cleansite.info -
• FileHash-SHA1 - a366ff9025ba49973570950a8379d232a5584166 -
• hostname - gsndomain.ddns.us -
• hostname - www.motorolasolutions.dnset.com -
• hostname - update.microsoftmse.com -
• hostname - cisco-database.ns02.us -
• hostname - truecoco.rebatesrule.net -
• hostname - idonotknow.serveusers.com -
• hostname - upgratedns.zyns.com -
• hostname - mydnsupdate.mynumber.org -
• FileHash-SHA1 - c0f7d1e03de2a6d935e3291b2ab4e5fa559d9a48 -
• hostname - evergo.dnset.com -
• hostname - office.etowns.net -
• hostname - csicohelp.ddns.us -
• hostname - adobebackup.itemdb.com -
• hostname - adc.microsoftmse.com -
• hostname - adobeupdate.serveusers.com -
• hostname - microsoft.dns1.us -
• FileHash-SHA1 - 4eb78ce1b91dc5f4f25877ca1109f2a41f2193b3 -
• FileHash-SHA1 - 38f3658ffa357622abdd235a0f4447de3325310c -

類似Pulses

• Hawkeye Keylogger – Reborn v8: An in-depth campaign analysis (score: 0.64)
• Lazarus group: Operation Blockbuster (score: 0.64)
• A Look Into Fysbis: Sofacy’s Linux Backdoor (score: 0.64)
• A Look Into Fysbis: Sofacy’s Linux Backdoor (score: 0.63)
• Untangling the Patchwork Cyberespionage Group (score: 0.63)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る