📃Title: Cloaked and Covert: Uncovering UNC3886 Espionage Operations
📅Date: 2024-06-19
🔗References:

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • producer Mandiant
  • threat-actor UNC3886
  • region=“021 - Northern America”
  • region=“035 - South-eastern Asia”
  • malpedia=“VIRTUALGATE”
  • malpedia=“tsh”
  • mitre-attack-pattern=[]

MISP event uuid: f0dae99d-cc52-47ed-9db9-f8b09d2a05de

Indicator of Compromise (IoCs)

Full IOCs available in Rectifyq's MISP