Date: 01/09/2026
Severity: High
Summary
UAT-7290 is a sophisticated threat actor active since at least 2022, focused on gaining initial access and conducting espionage against high-value telecommunications and critical infrastructure targets in South Asia. The group performs extensive pre-intrusion technical reconnaissance and deploys a custom malware toolkit—including RushDrop, DriveSwitch, and SilentRaid—to enable stealthy, long-term access and intelligence collection.
Indicators of Compromise (IOC) List
MD5:
4a963519b4950845a8d76668d4d7dd29
5e3a2a0461c7888d0361dd75617051c6
72d377fa8ccf23998dd7c22c9647fc2a
SHA1:
3ce9ecfe196fd148dc49975eb33ff0923796718a
96a327ffa20f7ca4ef5ea593ea6f93d7b4cbcd6e
d398f76c7ba0bbf79b1cac0620cdf4b42e505195
SHA256:
723c1e59accbb781856a8407f1e64f36038e324d3f0bdb606d35c359ade08200
918fb8af4998393f5195bafaead7c9ba28d8f9fb0853d5c2d75f10e35be8015a
961ac6942c41c959be471bd7eea6e708f3222a8a607b51d59063d5c58c54a38d
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 (MD5): md5hash IN ("72d377fa8ccf23998dd7c22c9647fc2a","5e3a2a0461c7888d0361dd75617051c6","4a963519b4950845a8d76668d4d7dd29")
Detection Query 2 (SHA1): sha1hash IN ("3ce9ecfe196fd148dc49975eb33ff0923796718a","96a327ffa20f7ca4ef5ea593ea6f93d7b4cbcd6e","d398f76c7ba0bbf79b1cac0620cdf4b42e505195")
Detection Query 3 (SHA256): sha256hash IN ("961ac6942c41c959be471bd7eea6e708f3222a8a607b51d59063d5c58c54a38d","723c1e59accbb781856a8407f1e64f36038e324d3f0bdb606d35c359ade08200","918fb8af4998393f5195bafaead7c9ba28d8f9fb0853d5c2d75f10e35be8015a")
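As an added example (not code from Gurucul or from the Talos report), the following Python mirrors the three TDIR hash queries above as an offline check: it normalizes case, selects the IOC set by digest length, sweeps EDR-style log lines for hits, and can also hash a file on disk against all three families. The log lines, host names and file paths in SAMPLE_LOG are constructed sample data, not real telemetry.

```python
import hashlib
import re
# IOC hashes from the advisory above, keyed by digest length (32=MD5, 40=SHA1, 64=SHA256).
IOCS = {
    32: {"4a963519b4950845a8d76668d4d7dd29",
         "5e3a2a0461c7888d0361dd75617051c6",
         "72d377fa8ccf23998dd7c22c9647fc2a"},
    40: {"3ce9ecfe196fd148dc49975eb33ff0923796718a",
         "96a327ffa20f7ca4ef5ea593ea6f93d7b4cbcd6e",
         "d398f76c7ba0bbf79b1cac0620cdf4b42e505195"},
    64: {"723c1e59accbb781856a8407f1e64f36038e324d3f0bdb606d35c359ade08200",
         "918fb8af4998393f5195bafaead7c9ba28d8f9fb0853d5c2d75f10e35be8015a",
         "961ac6942c41c959be471bd7eea6e708f3222a8a607b51d59063d5c58c54a38d"},
}

# Whole-token hex runs of exactly 32, 40 or 64 chars (\b keeps a SHA256 from matching as an MD5).
HASH_RE = re.compile(r"\b[0-9a-fA-F]{32}\b|\b[0-9a-fA-F]{40}\b|\b[0-9a-fA-F]{64}\b")

def is_ioc(digest: str) -> bool:
    """True if digest (any case) is one of the advisory's MD5/SHA1/SHA256 IOCs."""
    d = digest.strip().lower()
    return d in IOCS.get(len(d), set())

def scan_log_lines(lines):
    """Equivalent of the three TDIR queries: (line_no, digest) for every IOC hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in HASH_RE.findall(line):
            if is_ioc(m):
                hits.append((n, m.lower()))
    return hits

def hash_file(path) -> dict:
    """Compute all three digests of a file in one pass, keyed like IOCS."""
    h = {32: hashlib.md5(), 40: hashlib.sha1(), 64: hashlib.sha256()}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            for d in h.values():
                d.update(chunk)
    return {k: v.hexdigest() for k, v in h.items()}

def scan_file(path) -> list:
    """Digests of `path` that match an IOC (empty list means no match)."""
    return [d for d in hash_file(path).values() if is_ioc(d)]

# Constructed sample EDR log lines: one MD5 hit, one benign MD5, one SHA256 hit.
SAMPLE_LOG = [
    "2026-01-09T10:00:01Z host=ws01 event=process_create md5hash=4A963519B4950845A8D76668D4D7DD29 image=C:\\Users\\a\\update.exe",
    "2026-01-09T10:00:02Z host=ws01 event=process_create md5hash=d41d8cd98f00b204e9800998ecf8427e image=C:\\Windows\\explorer.exe",
    "2026-01-09T10:00:03Z host=srv02 event=file_write sha256hash=961ac6942c41c959be471bd7eea6e708f3222a8a607b51d59063d5c58c54a38d",
]
```

Running scan_log_lines(SAMPLE_LOG) reports hits on lines 1 and 3 only; the case-insensitive match matters because different sensors emit digests in different case.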
Reference:
https://blog.talosintelligence.com/uat-7290/