Autumn Dragon China-Nexus APT Group Targets South East Asia Using Multi-Stage DLL Sideloading

    Date: 11/24/2025

    Severity: High

    Summary

    Since early 2025, China's presence in the Indo-Pacific has become increasingly assertive. Activities have ranged from heightened maritime tensions to acting as a peace broker for Myanmar's junta. More recently, espionage efforts have targeted joint Philippine naval exercises with the US, Australia, Canada, and New Zealand. The attacker, likely a China-nexus threat actor, relies heavily on DLL sideloading to compromise chosen targets. Governments and media remain prime targets due to their influence on policy, public perception, and global alignment.

    Indicators of Compromise (IOC) List

    Domains / URLs:

    https://public.megadatacloud.com

    https://104.234.37.45

    Hashes (SHA-256):

    5b64786ed92545eeac013be9456e1ff03d95073910742e45ff6b88a86e91901b

    e409736eb77a6799d88c8208eb5e58ea0dcb2c016479153f9e2c4c3c372e3ff6

    50855f0e3c7b28cbeac8ae54d9a8866ed5cb21b5335078a040920d5f9e386ddb

    a3805b24b66646c0cf7ca9abad502fe15b33b53e56a04489cfb64a238616a7bf

    5d0d00f5d21f360b88d1622c5cafd42948eedf1119b4ce8026113ee394ad8848

    843fca1cf30c74edd96e7320576db5a39ebf8d0a708bde8ccfb7c12e45a7938c

    2044a0831ce940fc247efb8ada3e60d61382429167fb3a220f277037a0dde438

    c691f9de944900566b5930f219a55afcfc61eaf4ff40a4f476dd98a5be24b23c

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1:

    domainname like "https://104.234.37.45" or url like "https://104.234.37.45" or siteurl like "https://104.234.37.45" or domainname like "https://public.megadatacloud.com" or url like "https://public.megadatacloud.com" or siteurl like "https://public.megadatacloud.com"

    Detection Query 2:

    sha256hash IN ("5b64786ed92545eeac013be9456e1ff03d95073910742e45ff6b88a86e91901b","e409736eb77a6799d88c8208eb5e58ea0dcb2c016479153f9e2c4c3c372e3ff6","50855f0e3c7b28cbeac8ae54d9a8866ed5cb21b5335078a040920d5f9e386ddb","a3805b24b66646c0cf7ca9abad502fe15b33b53e56a04489cfb64a238616a7bf","5d0d00f5d21f360b88d1622c5cafd42948eedf1119b4ce8026113ee394ad8848","843fca1cf30c74edd96e7320576db5a39ebf8d0a708bde8ccfb7c12e45a7938c","2044a0831ce940fc247efb8ada3e60d61382429167fb3a220f277037a0dde438","c691f9de944900566b5930f219a55afcfc61eaf4ff40a4f476dd98a5be24b23c")
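    The two queries above match the advisory's network indicators against URL-type fields and its file hashes against a SHA-256 field. The script below is an added example, not Gurucul TDIR syntax and not code from the advisory: it applies the same indicators to constructed log records, with one defender's check the bare string comparison does not give you, namely reducing each URL field to its host name so that a record carrying a path, a port or different letter case still matches, while a look-alike domain does not. The IOC values are the advisory's; the log records, field names and record ids are constructed for the demo.

```python
"""Added example: match the advisory's IOCs against log records.

Illustrative Python only (not Gurucul TDIR query syntax). IOC values are the
ones published in the advisory; SAMPLE_LOGS below is constructed test data.
"""
from urllib.parse import urlparse

# Network indicators from the advisory, kept as bare host names
IOC_HOSTS = {"public.megadatacloud.com", "104.234.37.45"}

# SHA-256 file hashes from the advisory (lower-case hex)
IOC_SHA256 = {
    "5b64786ed92545eeac013be9456e1ff03d95073910742e45ff6b88a86e91901b",
    "e409736eb77a6799d88c8208eb5e58ea0dcb2c016479153f9e2c4c3c372e3ff6",
    "50855f0e3c7b28cbeac8ae54d9a8866ed5cb21b5335078a040920d5f9e386ddb",
    "a3805b24b66646c0cf7ca9abad502fe15b33b53e56a04489cfb64a238616a7bf",
    "5d0d00f5d21f360b88d1622c5cafd42948eedf1119b4ce8026113ee394ad8848",
    "843fca1cf30c74edd96e7320576db5a39ebf8d0a708bde8ccfb7c12e45a7938c",
    "2044a0831ce940fc247efb8ada3e60d61382429167fb3a220f277037a0dde438",
    "c691f9de944900566b5930f219a55afcfc61eaf4ff40a4f476dd98a5be24b23c",
}

# Field names are assumed to mirror the query above (domainname, url, siteurl, sha256hash)
URL_FIELDS = ("domainname", "url", "siteurl")


def normalize_host(value):
    """Reduce a URL, 'host:port' or bare host to a lower-case host name.

    Returns None when no host can be recovered from the value.
    """
    if not value:
        return None
    value = value.strip()
    # urlparse only populates .hostname when a scheme or '//' prefix is present
    if "://" not in value:
        value = "//" + value
    host = urlparse(value).hostname  # already lower-cased by urlparse
    return host or None


def match_record(record):
    """Return a list of (indicator_type, field, value) hits for one record."""
    hits = []
    for field in URL_FIELDS:
        host = normalize_host(record.get(field))
        if host in IOC_HOSTS:
            hits.append(("network", field, host))
    sha = (record.get("sha256hash") or "").strip().lower()
    if sha in IOC_SHA256:
        hits.append(("file", "sha256hash", sha))
    return hits


def scan(records):
    """Return [(record_id, hits)] for every record with at least one IOC hit."""
    results = []
    for record in records:
        hits = match_record(record)
        if hits:
            results.append((record["id"], hits))
    return results


# Constructed sample telemetry; example.org / example.net are reserved names
SAMPLE_LOGS = [
    {"id": 1, "url": "https://public.megadatacloud.com/api/v1/beacon"},
    {"id": 2, "domainname": "104.234.37.45", "url": "https://104.234.37.45:443/update"},
    {"id": 3, "siteurl": "https://public.megadatacloud.com.example.net/"},  # look-alike, no hit
    {"id": 4, "sha256hash": "5B64786ED92545EEAC013BE9456E1FF03D95073910742E45FF6B88A86E91901B"},
    {"id": 5, "url": "https://intranet.example.org/", "sha256hash": "0" * 64},
]

if __name__ == "__main__":
    for record_id, hits in scan(SAMPLE_LOGS):
        for kind, field, value in hits:
            print(f"record {record_id}: {kind} IOC in {field}: {value}")
```

Records 1, 2 and 4 are reported; record 2 produces two hits because both its `domainname` and `url` fields resolve to the advisory's IP, and record 3 is correctly ignored because its host is a longer name that merely begins with the indicator.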

    Reference:

    https://cdn.prod.website-files.com/68cd99b1bd96b42702f97a39/691bf999a544b31f93edb11d_b6dc80485a86c3eeaed906c7ecf0cd7b_Autumn%20Dragon_%20China-nexus%20APT%20Group%20Target%20South%20East%20Asia.pdf


    Tags: Threat Actor, Autumn Dragon, China-Nexus, APT, Asia, China, Philippines, United States, Australia, Canada, New Zealand, DLL
