We have developed TIPpers, which are incidents the ThreatConnect Research team flags for your awareness, so your organization can take decisive action.
TIPper: Chinese Advanced Persistent Threat (APT) “Yolped”
This incident contains legacy malware from 2012 that includes a hardcoded command and control callback to an Alcatel-Lucent domain hosted on an official Alcatel-Lucent server in France. The same C2 was previously identified in Incident 20140606B: RavMonD APT. The compromised Alcatel server appears to be inactive now, but ThreatConnect wants to share this information for incident response purposes. Please see the incident in Subscriber Community for associated indicators including the server and malware MD5s.
For additional details, current ThreatConnect users can access this incident by selecting this LINK or search for incident “20120808A” in the ThreatConnect Platform.
If you do not have a ThreatConnect account, click HERE to access our Free Edition as well as 30-day access to our Subscriber Community. ThreatConnect’s Free Edition allows you to establish a basic threat intelligence practice, collaborate with your internal team, protect your organization with open source threat data, bulk import cyberthreat indicators, contribute to the ThreatConnect Community, and receive support and validation from outside researchers and analysts also using the platform. The Subscriber Community includes timely notification of threat incidents identified by the ThreatConnect Research team, an exclusive service offered at no additional charge to paying customers.