VELVETSTING

Description

(Sygnia) A tool that connects to the threat actor’s C&C once an hour, searching for commands to execute. The threat actor used the IP address 202.61.136[.]158:8443 as a C&C, and the commands were encoded with the passphrase ‘1qaz@WSXedc’. Once the tool received a command, it was executed via ‘csh’ (Unix C shell).

Names

Name
VELVETSTING

Category

Malware

Type

  • Backdoor

Information

Other Information

Uuid

018abbc6-eb28-4f5b-8bb3-65eb3b2ae1d5

Last Card Change

2024-06-19