Pubload Malware from Stately Taurus

    Date: 02/26/2025

    Severity: High

    Summary

    Stately Taurus is our designation for a China-based cyberespionage group first identified in 2017, with potential activity dating back to 2012. Recently, it has targeted government and military entities in Myanmar, Nepal, the Philippines, and Sri Lanka. A file disguised as CCleanerReactivator has been linked to PubLoad malware infections. We continue monitoring this group’s infrastructure and malware.

    Indicators of Compromise (IOC) List

    IP Address:

    103.234.54.179

    SHA256 Hash:

    d665f55555f87b515cb8ef1adce9592a83662a8c4efa34f6ffdd022475bd176a

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    IP Address:

    dstipaddress IN ("103.234.54.179") or ipaddress IN ("103.234.54.179") or publicipaddress IN ("103.234.54.179") or srcipaddress IN ("103.234.54.179")

    SHA256 Hash:

    sha256hash IN ("d665f55555f87b515cb8ef1adce9592a83662a8c4efa34f6ffdd022475bd176a")
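The two TDIR queries above express a simple rule: flag any event whose IP fields or SHA256 field contain one of the listed IOCs. The following is an added example written for this page, not Gurucul's query engine or Unit 42 tooling, that applies the same rule to newline-delimited JSON log events. The field names are taken from the queries above; the sample events are constructed and are not real telemetry, and the filename in them is only a placeholder based on the disguised name mentioned in the summary.

```python
"""Apply the advisory's IOC matches to sample log events (added example).

Illustrative code written for this page, not Gurucul's TDIR engine.
Field names mirror the TDIR queries; the events below are constructed.
"""
import json

# IOCs exactly as listed in the advisory.
IOC_IPS = {"103.234.54.179"}
IOC_SHA256 = {"d665f55555f87b515cb8ef1adce9592a83662a8c4efa34f6ffdd022475bd176a"}

# Fields the IP query inspects (same names as the TDIR query).
IP_FIELDS = ("dstipaddress", "ipaddress", "publicipaddress", "srcipaddress")
HASH_FIELD = "sha256hash"


def match_event(event: dict) -> list:
    """Return the reasons an event matches, e.g. ['dstipaddress=103.234.54.179'].

    An empty list means the event is clean with respect to these IOCs.
    """
    hits = []
    for field in IP_FIELDS:
        value = event.get(field)
        if value in IOC_IPS:
            hits.append(f"{field}={value}")
    digest = event.get(HASH_FIELD)
    # Hash comparison is case-insensitive: sensors differ in how they emit hex.
    if isinstance(digest, str) and digest.lower() in IOC_SHA256:
        hits.append(f"{HASH_FIELD}={digest.lower()}")
    return hits


def scan_jsonl(lines) -> list:
    """Scan newline-delimited JSON events; return matching events with reasons."""
    results = []
    for lineno, raw in enumerate(lines, start=1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the whole scan
        reasons = match_event(event)
        if reasons:
            results.append({"line": lineno, "reasons": reasons, "event": event})
    return results


# Constructed sample events (not real logs): a firewall connection to the
# advisory IP, an EDR file event carrying the advisory hash in upper case
# (to show case-insensitive matching), and two benign events. 192.0.2.10 is
# a documentation-range address; the filenames are placeholders.
SAMPLE_LOG = """
{"srcipaddress": "10.0.0.5", "dstipaddress": "103.234.54.179", "dstport": 443}
{"host": "ws-17", "filename": "CCleanerReactivator", "sha256hash": "D665F55555F87B515CB8EF1ADCE9592A83662A8C4EFA34F6FFDD022475BD176A"}
{"srcipaddress": "10.0.0.9", "dstipaddress": "192.0.2.10", "dstport": 80}
{"host": "ws-02", "filename": "notepad.exe", "sha256hash": "0000000000000000000000000000000000000000000000000000000000000000"}
"""


def scan_sample() -> list:
    """Run the IOC scan over the constructed sample log."""
    return scan_jsonl(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for hit in scan_sample():
        print(f"line {hit['line']}: {', '.join(hit['reasons'])}")
```

Running the script reports the two constructed events that carry an IOC and stays silent on the benign ones. A real deployment would load the IOC sets from the referenced Unit 42 file rather than hard-coding them, and would keep the line number and full event so an analyst can pivot from the alert to the raw record.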

    Reference:

    https://github.com/PaloAltoNetworks/Unit42-timely-threat-intel/blob/main/2025-02-25-IOCs-Stately-Taurus-Pubload-activity.txt


    Tags

    Malware, PUBLOAD, Myanmar, Nepal, The Philippines, Sri Lanka, Government Services and Facilities, Defense Industrial Base

