Trusted Design

Silver Dragon Targets Organizations in Southeast Asia and Europe

概要

Check Point Research has identified a Chinese-nexus advanced persistent threat group named Silver Dragon, targeting organizations in Southeast Asia and Europe since mid-2024. The group, likely operating under APT41, exploits public-facing servers and uses phishing emails for initial access. They deploy custom tools including GearDoor, a backdoor using Google Drive for command and control, SSHcmd for remote access, and SilverScreen for covert screen monitoring. Silver Dragon primarily focuses on government entities, utilizing Cobalt Strike beacons and DNS tunneling for communication. The group's sophisticated tactics and evolving toolkit demonstrate a well-resourced and adaptable threat actor.

Created: 2026-03-04

Indicators

• domain - revitpourtous.com -
• hostname - ns1.onedriveconsole.com -
• FileHash-SHA256 - 37b485ed8d150d022c41e5e307b8c54c34ef806625b44d0c940b18be7d5b29ce -
• hostname - ns2.onedriveconsole.com -
• FileHash-SHA256 - 166e777cb72a7c4e126f8ed97e0a82e7ca9e87df7793fea811daf34e1e7e47a6 -
• FileHash-SHA256 - bd699ed720e2bd7085b3444cb8f4d36870b5b48df1055ec6cc1553db3eef7faf -
• FileHash-SHA256 - 3128bdb8efaaa04c0ba96337252f4cc2dc795021cbc410f74ace9dde958bac1d -
• FileHash-SHA256 - 5341c7256542405abdd01ee288b08e49dcb6d1782be6b7bea63b459d80f9a8f5 -
• FileHash-SHA256 - 948468aba5c851952ebe56a5bf37904ed83a6c8cb520304db6938d79892f0a1b -
• FileHash-SHA256 - 74a11a07d167f8f5c0baa724d1f7708985c81d0ac3d0e4d7ef3f3220c335e009 -
• FileHash-SHA256 - ddaca57f3d5f4986da052ca172631b351410d6f5831f6af351699c6201cc011b -
• FileHash-SHA256 - b93560c4d18120e113fb8b04a8aa05f66a12116d1fbf18a93186f6314381e97e -
• domain - splunkds.com -
• FileHash-SHA256 - 3e2a0bafbd44e24b17fd7b17c9f2b2a3727349971d42612d55bbc1732082619a -
• FileHash-SHA256 - a6b5448ba45f3f352f5f4c5376024891adda1ef8ebf62a8fe63424fa230c691d -
• FileHash-SHA1 - c093b163f86d35c7cc3f2966d4a5ec5f8ce77980 -
• FileHash-SHA256 - 72e4b6540e32b8b7aac850055609bc5afc19e29834e9aa6be29a8ea59a2c9785 -
• domain - zhydromet.com -
• domain - oicm.org -
• FileHash-SHA256 - 51684a0e356513486489986f5832c948107ff687c8501d64846cdc4307429413 -
• domain - bigflx.net -
• FileHash-SHA256 - 85a03d2e74ae84093a74699057693d11e5c61f85b62e741778cbc5fc9f89022f -
• FileHash-SHA256 - 8c29f9189a9ad75a959024f59e68c62d42a6fd42f9eacf847128c7efe4ef7578 -
• FileHash-SHA256 - 5ad857df8976523cb3ad2fdf30e87c0e7daa64135716b139ffdcd209b98e1654 -
• FileHash-SHA256 - 2f787c1454891b242ab221b8b8b420373c3eb1a0c1fdcb624dd800c50758bbb0 -
• hostname - ns1.exchange4study.com -
• domain - copilot-cloud.net -
• FileHash-MD5 - 9d3f61dcaba90db2ede1c1906a80ace2 -
• FileHash-SHA256 - 16b9a7358be88632378ba20ba1430786f3b844694b1f876211ecdbecf5cccbc2 -
• FileHash-SHA256 - 19139a525ee9c22efd6a4842c4cd50ab2c5f9ee391e5531071df0bb4e685f55d -
• domain - mindssurpass.com -
• FileHash-SHA256 - 7384462d420bdc9683a4cac2a8ad19353a2aa7d2244c91e9182345777e811e33 -
• FileHash-SHA256 - 967b5c611d304385807ea2d865fa561c15cde0473dd63e768679a4f29f0e4563 -
• FileHash-SHA256 - 44e769efed3e4f9f04c52dcd13f15cead251a1a08827a2cb6ea68427522c7fbb -
• FileHash-SHA256 - 43f8f94ca5aa0af7bfb0cc1d2f664a46500a161b2d082b48b516d084ef485348 -
• domain - ampolice.org -
• domain - protacik.com -
• FileHash-SHA256 - e3b016f2fc865d0f53f635f740eb0203626517425ed9a2908058f96a3bcf470d -
• FileHash-SHA256 - 3a2df7a2cfeca5ba315a29cf313268a53a22316c925e6b9760ead8f4df0d1f75 -
• FileHash-SHA256 - bcbe2f0a8134c0e7fce18d0394ababc1d910e6f7b77b8c07643434cd14f4c5d6 -
• domain - onedriveconsole.com -
• FileHash-SHA256 - 4f93be0c46a53701b1777ab8df874c837df3d8256e026f138d60fc2932e569a8 -
• FileHash-SHA256 - 568c67564d62b09d1a1bc29a494cf4bf31afddcafcf78592b178c63f23ccfcae -
• FileHash-MD5 - 876e6bca4c322db479d00152a5c8231a -
• FileHash-SHA256 - 740a09fcdefa5a5f79355b720f54ff09efa64062229fb388adbccd9c829e9ff0 -
• domain - wikipedla.blog -
• domain - exchange4study.com -
• FileHash-SHA256 - c4de1f1a8cb3b0392802ee56096ddb25b6f51c51350ce7c45e14d8c285765300 -
• FileHash-SHA256 - 7f89a4d5af47bc00a9ad58f0bcbe8a7be2662953dcd03f0e881cc5cbf6b7bca8 -

類似Pulses

類似するPulseは見つかりませんでした。

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る