📃Title: The Chronicles of the Hellsing APT: the Empire Strikes Back
📅Date: 2015-04-15
🔗References:

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • threat-actor=Hellsing
  • producer=Kaspersky
  • target-information=“India”
  • target-information=“Indonesia”
  • target-information=“Malaysia”
  • target-information=“Philippines”
  • target-information=“United States”
  • sector=“Diplomacy”
  • sector=“Government, Administration”
  • mitre-attack-pattern=[]

MISP event uuid: 34fadfbd-2659-4bf5-8e4f-10f0a08de7d5

Indicators of Compromise (IoCs)

Full IOCs available in Rectifyq’s MISP