Rectifyq📃Title: ToddyCat: Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia
📅Date: 2022-06-21
🔗References:
Description
A new type of cyber-attack has been detected in Asia since May 2021, and it is believed to be from the same group that first appeared in the US in 2011 and 2014. and is now spreading around the world.
🔖Rectifyq Taxonomies:
- relevancy: 🔴 Highly Relevant
- category: ⚔Threat
- sub-category: TA-profile
- target: targeted
- MY-relevancy: relevant
🔖MISP Galaxies:
- producer Kaspersky
- target-information=“Taiwan”
- target-information=“Vietnam”
- target-information=“Afghanistan”
- target-information=“India”
- target-information=“Iran”
- target-information=“Malaysia”
- target-information=“Pakistan”
- target-information=“Russia”
- target-information=“Slovakia”
- target-information=“Thailand”
- target-information=“United Kingdom”
- threat-actor ToddyCat
- target-information=“Kyrgyzstan”
- target-information=“Uzbekistan”
- mitre-attack-pattern=[‘T1073’, ‘T1037’, ‘T1071.001’, ‘T1090’, ‘T1055’, ‘T1053’]
MISP event uuid: e5b2340a-7903-4bd9-a019-bba2fc4c1e4a
Indicator of Compromise (IoCs)
type,value,comment
md5, 8a00d23192c4441c3ee3e56acebf64b0, 'Samurai Backdoor No sample in VT\r\nLast check:23/02/2025'
md5, 5e721804f556e20bf9ddeec41ccf915d, 'Ninja Trojan No sample in VT\r\nLast check:23/02/2025'
ip-dst, 149.28.28.159, 'Ninja C2'
hostname, eohsdnsaaojrhnqo.windowshost.us, 'Ninja C2'
Full IOCs available in Rectifyq's MISP```