📃Title: Silver Dragon Targets Organizations in Southeast Asia and Europe
📅Date: 2026-03-03
🔗References:
Description
Check Point Research has identified a Chinese-nexus advanced persistent threat group named Silver Dragon, targeting organizations in Southeast Asia and Europe since mid-2024. The group, likely operating under APT41, exploits public-facing servers and uses phishing emails for initial access. They deploy custom tools including GearDoor, a backdoor using Google Drive for command and control, SSHcmd for remote access, and SilverScreen for covert screen monitoring. Silver Dragon primarily focuses on government entities, utilizing Cobalt Strike beacons and DNS tunneling for communication. The group’s sophisticated tactics and evolving toolkit demonstrate a well-resourced and adaptable threat actor.

🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: TA-profile
- target: broad-based
- MY-relevancy: relevant
- action-taken: diamond-model
🔖MISP Galaxies:
- producer Check-Point
- region="035 - South-eastern Asia"
- threat-actor APT41
- target-information="Italy"
- target-information="Japan"
- target-information="Kazakhstan"
- target-information="Malaysia"
- target-information="Myanmar"
- target-information="Poland"
- target-information="Russia"
- online-service="4a9eade3-5de4-4a80-9c7a-ba3a7566e130"
- malpedia="Cobalt Strike"
- sector="Government, Administration"
- mitre-attack-pattern=['T1113', 'T1033', 'T1132.001', 'T1071.004', 'T1036.005', 'T1021.004', 'T1082', 'T1053', 'T1055', 'T1016', 'T1083', 'T1036.004', 'T1049', 'T1057', 'T1059.001', 'T1078', 'T1102.002', 'T1001.003', 'T1059.003', 'T1105']
MISP event uuid: 2e319e49-6c2f-442b-ba50-ae7d2e43ddb4
Indicator of Compromise (IoCs)
Full IoCs available in Rectifyq's MISP