📃Title: PLATINUM Targeted attacks in South and Southeast Asia
📅Date: 2016-04-29
🔗References:
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: TA-profile
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- producer= Microsoft
- threat-actor= PLATINUM
- target-information=“China”
- target-information=“India”
- target-information=“Indonesia”
- target-information=“Malaysia”
- target-information=“Singapore”
- target-information=“Thailand”
- sector=“Academia - University”
- sector=“Diplomacy”
- sector=“Government, Administration”
- sector=“IT - ISP”
- malpedia=“REDSALT”
- mitre-attack-pattern=[]
MISP event uuid: 592acc60-42a9-42e2-ad37-c100dca752e9
Indicators of Compromise (IoCs)
Full IOCs available in Rectifyq’s MISP