📃Title: The Chronicles of the Hellsing APT: the Empire Strikes Back
📅Date: 2015-04-15
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: TA-profile
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- threat-actor Hellsing
- producer Kaspersky
- target-information="India"
- target-information="Indonesia"
- target-information="Malaysia"
- target-information="Philippines"
- target-information="United States"
- sector="Diplomacy"
- sector="Government, Administration"
- mitre-attack-pattern=[]
MISP event uuid: 34fadfbd-2659-4bf5-8e4f-10f0a08de7d5
Indicators of Compromise (IoCs)
Full IOCs available in Rectifyq's MISP