{"id":13890,"date":"2026-06-26T10:04:01","date_gmt":"2026-06-26T10:04:01","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/06\/26\/cl-sta-1062-hackers-use-tinyrct-backdoor-to-target-southeast-asian-governments\/"},"modified":"2026-06-26T10:04:01","modified_gmt":"2026-06-26T10:04:01","slug":"cl-sta-1062-hackers-use-tinyrct-backdoor-to-target-southeast-asian-governments","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/06\/26\/cl-sta-1062-hackers-use-tinyrct-backdoor-to-target-southeast-asian-governments\/","title":{"rendered":"CL-STA-1062 Hackers Use TinyRCT Backdoor to Target Southeast Asian Governments"},"content":{"rendered":"<div>\n<p class=\"wp-block-paragraph\">A Chinese-speaking threat group known as CL-STA-1062 has been running a quiet but aggressive campaign against government agencies and critical energy infrastructure across Southeast Asia. 
<\/p>\n<p class=\"wp-block-paragraph\">The attackers, active since at least March 2022, spent much of 2025 targeting <a href=\"https:\/\/cybersecuritynews.com\/open-source-gis-vs-proprietary-gis-pros-cons-and-use-cases\/\" id=\"112030\" target=\"_blank\" rel=\"noreferrer noopener\">state-owned enterprises with a toolkit that blends widely available open-source utilities<\/a> with a newly built, custom backdoor called TinyRCT.<\/p>\n<p class=\"wp-block-paragraph\">The campaign picked up pace in September 2025, when the group broke into a Southeast Asian government network by deploying web shells and pulling database records off an internal MSSQL server. <\/p>\n<p class=\"wp-block-paragraph\">From there, they expanded their reach by scanning a nearby government entity in the same country, looking for lateral movement opportunities and ways to deepen their foothold. <\/p>\n<p class=\"wp-block-paragraph\">By the end of the year, between October and December 2025, the group had likely compromised at least ten separate organizations in the region.<\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/unit42.paloaltonetworks.com\/cl-sta-1062-tinyrct-backdoor\/\" id=\"https:\/\/unit42.paloaltonetworks.com\/cl-sta-1062-tinyrct-backdoor\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Researchers at Unit 42, Palo Alto Networks\u2019 threat intelligence arm, said in a report<\/a> shared with\u00a0Cyber Security News (CSN)\u00a0that CL-STA-1062 is the same cluster previously tracked by Cisco Talos as UAT-7237, a group that targeted web hosting infrastructure in Taiwan in mid-2025. <\/p>\n<p class=\"wp-block-paragraph\">The attackers have since shifted focus toward energy and government sectors, pointing to a broader, sustained strategy across the Asia-Pacific region.<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEggw-Xjx3PWso62VBNURdnIzy00RUcEpCtFed1V1xnLJvtA8KGH1MjwXTyrbTIw_znihCSZM2AGIbXyHKoMM0chr783ji3abetRRDatozuaQ1Ocds370BdmWdfvuRjSXozD5T6Oriy7pgarqb7kmkOVq0LcB5o9RKJtqoXJ0qML1TJoowCB8k5edReBh3o\/s16000\/Examples%2520of%2520outbound%2520requests%2520from%2520an%2520infected%2520network%2520%28Source%2520-%2520Unit42%29.webp?ssl=1\" alt=\"Examples of outbound requests from an infected network (Source - Unit42)\"><figcaption class=\"wp-element-caption\">Examples of outbound requests from an infected network (Source \u2013 Unit42)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">What makes this 
group stand out is how they combine free-to-use tools with their own homegrown malware. <\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/cybersecuritynews.com\/mimikatz-hacking-tool-to-deploy-trigona-ransomware\/\" id=\"16616\" target=\"_blank\" rel=\"noreferrer noopener\">They routinely use SoftEther VPN, Mimikatz, and VNT for tunneling<\/a> and credential theft, often disguising these tools as legitimate VMware executables or trusted system processes. <\/p>\n<p class=\"wp-block-paragraph\">The introduction of TinyRCT, a previously undocumented backdoor written in C#, marks a notable escalation in the group\u2019s offensive capabilities and reflects a willingness to build custom tools when needed.<\/p>\n<h2 id=\"h-cl-sta-1062-hackers-use-tinyrct-backdoor\" class=\"wp-block-heading\"><strong>CL-STA-1062 Hackers Use TinyRCT Backdoor<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">TinyRCT is a lightweight remote access trojan built specifically for Windows systems. It arrives on a victim machine through a malicious archive called chrome_setup.zip, which carries a legitimate-looking Chrome installer alongside a hidden, malicious DLL. <\/p>\n<p class=\"wp-block-paragraph\">When the user runs the installer, a technique called AppDomainManager Injection quietly loads the malicious code inside the trusted process, keeping it largely out of plain sight.<\/p>\n<p class=\"wp-block-paragraph\">Once the loader runs, it checks whether it is executing from the user\u2019s Downloads folder. If not, it terminates immediately, a deliberate trick to dodge sandbox analysis environments. 
<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgCO4pKqpC5k4xWZeS70lINsh5Ba1sxkBChb7iPmh92Z5CekWIXryA6nuJOW3o3QAsJyd5JPT9yMlA_SWuhmdBxWR8Wk1gR4plwlXPbotmI1pe5C3jX6l_s8bWrNqViUxlaejnAg01P8-Ox4WOiKnKqU9jqpYwvSiLUwssjIjP3ub7QKPLaMtuWPTcU6i8\/s16000\/A%2520prevention%2520alert%2520of%2520blocking%2520the%2520TinyRCT%2520malware%2520execution%2520attempt%2520%28Source%2520-%2520Unit42%29.webp?ssl=1\" alt=\"A prevention alert of blocking the TinyRCT malware execution attempt (Source - Unit42)\"><figcaption class=\"wp-element-caption\">A prevention alert of blocking the TinyRCT malware execution attempt (Source \u2013 Unit42)<\/figcaption><\/figure>\n<\/div>\n<p class=\"wp-block-paragraph\">If the check passes, it contacts a staging server, drops the TinyRCT payload into the local app data directory as PerfWatson2.exe, and <a href=\"https:\/\/cybersecuritynews.com\/hackers-use-googleerrorreport-scheduled-task-for-persistence\/\" id=\"153570\" target=\"_blank\" rel=\"noreferrer noopener\">registers a scheduled task to keep the infection alive<\/a> across system reboots.<\/p>\n<p class=\"wp-block-paragraph\">After settling in, TinyRCT checks in with its command-and-control server every ten seconds. All traffic is encrypted using AES-128, though the encryption key is hard-coded directly inside the binary. 
<\/p>\n<p class=\"wp-block-paragraph\">The backdoor can run shell commands, list and read files, download payloads, capture screenshots, and erase itself using a self-destruct routine that leverages choice.exe to introduce a short delay before removing its own files.<\/p>\n<h2 
id=\"h-critical-infrastructure-under-attack\" class=\"wp-block-heading\"><strong>Critical Infrastructure Under Attack<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">The group\u2019s focus on energy infrastructure makes this campaign especially alarming. <\/p>\n<p class=\"wp-block-paragraph\">Researchers found that two state-owned energy organizations in the same Southeast Asian country were actively compromised, with attackers scanning for vulnerabilities and downloading malicious payloads onto the infected networks. <\/p>\n<p class=\"wp-block-paragraph\">Tools were frequently bundled inside password-protected RAR archives to avoid triggering security alerts.<\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/cybersecuritynews.com\/lateral-movement-detection\/\" id=\"106631\" target=\"_blank\" rel=\"noreferrer noopener\">The attackers used traceroute to map lateral movement paths<\/a> to nearby government systems, and deployed JuicyPotato to escalate privileges once inside a network. <\/p>\n<p class=\"wp-block-paragraph\">In at least one case, they compressed an entire directory of web server source code before exfiltrating it to attacker-controlled servers. <\/p>\n<p class=\"wp-block-paragraph\">A comment written in Simplified Chinese found inside TinyRCT\u2019s binary adds to the growing evidence pointing toward Chinese-speaking actors.<\/p>\n<p class=\"wp-block-paragraph\">Security teams in Southeast Asia, particularly in energy and government sectors, should watch for untrusted binaries running from local app data directories and unfamiliar scheduled tasks mimicking legitimate service names. 
<\/p>\n<p class=\"wp-block-paragraph\">Reviewing outbound HTTP traffic for regular beaconing behavior and enforcing strict policies on where executables are permitted to run are among the most practical defensive steps available against a persistent threat like this.<\/p>\n<p 
class=\"wp-block-paragraph\"><strong>Indicators of Compromise (IoCs):-<\/strong><\/p>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th class=\"has-text-align-left\" data-align=\"left\">Type<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Indicator<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>SHA256<\/td>\n<td><code>00e09754526d0fe836ba27e3144ae161b0ecd3774abec5560504a16a67f0087c<\/code><\/td>\n<td>chrome_setup.zip file<\/td>\n<\/tr>\n<tr>\n<td>SHA256<\/td>\n<td><code>f34bd1d485de437fe18360d1e850c3fd64415e49d691e610711d8d232071a0b1<\/code><\/td>\n<td>fscan<\/td>\n<\/tr>\n<tr>\n<td>SHA256<\/td>\n<td><code>dce5df29bddff5a4ddaea5c4fec14da91f7b69063a6e1c45ed61e5da4fc6c87b<\/code><\/td>\n<td>SoftEther VPN<\/td>\n<\/tr>\n<tr>\n<td>SHA256<\/td>\n<td><code>cbfe8de6ffadbb1d396f61e63eb18e8b11c29527c1528641e3223d4c516cf7c3<\/code><\/td>\n<td>TinyRCT downloader<\/td>\n<\/tr>\n<tr>\n<td>SHA256<\/td>\n<td><code>4e1f8888d020decd09799ec946f1bf677cac6612b24582ddbf4d8ede425d8384<\/code><\/td>\n<td>TinyRCT backdoor<\/td>\n<\/tr>\n<tr>\n<td>SHA256<\/td>\n<td><code>9b481b69cd91b09fa7bae7428f646dd89473a4c03393e43da81fe756cde1c472<\/code><\/td>\n<td>VNT<\/td>\n<\/tr>\n<tr>\n<td>IPv4<\/td>\n<td><code>139.180.134[.]221<\/code><\/td>\n<td>Attacker C2 \/ staging server\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>IPv4<\/td>\n<td><code>202.182.102[.]5<\/code><\/td>\n<td>Attacker C2 server\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>IPv4<\/td>\n<td><code>45.76.210[.]43<\/code><\/td>\n<td>Attacker C2 server\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>IPv4<\/td>\n<td><code>45.32.113[.]172<\/code><\/td>\n<td>TinyRCT primary C2 server\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>URL<\/td>\n<td><code>hxxp[:]\/\/139.180.134[.]221\/sdksdk608\/1.zip<\/code><\/td>\n<td>Malicious payload download URL\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>URL<\/td>\n<td><code>hxxp[:]\/\/139.180.134[.]221\/sdksdk608\/anydesk%5f0117.zip<\/code><\/td>\n<td>Malicious payload download URL\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>URL<\/td>\n<td><code>hxxp[:]\/\/139.180.134[.]221\/sdksdk608\/hamcore.se2<\/code><\/td>\n<td>SoftEther VPN component\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>URL<\/td>\n<td><code>hxxp[:]\/\/139.180.134[.]221\/sdksdk608\/httpdf<\/code><\/td>\n<td>Malicious tool download URL\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>URL<\/td>\n<td><code>hxxp[:]\/\/139.180.134[.]221\/sdksdk608\/vpn%5fbridge.config<\/code><\/td>\n<td>VPN bridge config URL\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>URL<\/td>\n<td><code>hxxp[:]\/\/139.180.134[.]221\/sdksdk608\/win-vpn.rar<\/code><\/td>\n<td>VPN tools archive URL\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>URL<\/td>\n<td><code>hxxp[:]\/\/139.180.134[.]221\/PerfWatson2.exe<\/code><\/td>\n<td>TinyRCT payload hosted on C2\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>File Name<\/td>\n<td><code>PerfWatson2.exe<\/code><\/td>\n<td>TinyRCT backdoor masquerading as Visual Studio telemetry\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>File Name<\/td>\n<td><code>chrome_setup.zip<\/code><\/td>\n<td>Initial infection archive\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<tr>\n<td>File Name<\/td>\n<td><code>MyAppDomainManager.dll<\/code><\/td>\n<td>Malicious DLL used in AppDomainManager Injection\u00a0<a rel=\"noreferrer noopener\" target=\"_blank\" 
href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/61868914-0e6f-496e-930e-7727798771af\/CL-STA-1062-Hackers-Use-TinyRCT-Backdoor-to-Target-Southeast-Asian-Governments.pdf?AWSAccessKeyId=ASIA2F3EMEYESVBI5DY3&amp;Signature=Qf7IWpM9n7ijlIZJycXlVmEhe08%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEJj%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDRvxEuXtmGtr%2Btgb200GkND3fua%2BipIMY11St1J%2BhtOAIgQwgJjTfA72A1njSWlY9j96sCq5j2CnpGPf%2BvcQr%2Fmjcq8wQIYRABGgw2OTk3NTMzMDk3MDUiDFYywEsOKSSNHTIgNCrQBIoDpqlypPibMVdzMvIB2z5G6lMbuTL8BIwqaK%2BseCoLQAdsWP8H54wyKdJq7C0dD2UpzuRsu6a3VzGu86hhrR3kFgk5jPhYLexyni%2F5FaCTdO1KLlELgBnmIvyMJNi7PQsJgNeQaUP0D7drg9O3rb%2BHi0Gzgn9GyA9ppuw7ANgV7slLWMRAk4cT%2B23kLtMfZ6DbI5RVYJRYKtZs6A%2BYGH7o%2FAV6%2FkuBOFpZx5YLlfMTlUZaKIeM3rQCmggws1DfB430BZCLInQ1rt3HHG1X0hFAsyfuQKamgtuXFb2UMcQDyRsSiqcHsqVwy4JJEn0FRB8zCkVj0DYKPJqYKprpu6HnGG5%2Bg9dtxKAk5NMsa8kB1R4%2BCrc%2Bw3vYXha1z5TXaZgUU5fl5dpIQHUy4qEQ8xw9KnH3kKMu1S4sF1OXXG3hBDqf3KK7xA2Hb4jT6gznHsw1dsLGY%2BY1chFSB40aCWU6HssCSO8vEa5It%2FBN7bVeFURajuZ67eQC0ZnRmZ%2BJIAWE0YpujZ3tSo77QpfogxnHyZv23tEeT%2BKgHvdMUaARY%2Buq7vVSbkcAqtlK6kXg4kgfNvMRc%2F30EgI54QWrqQAEyV%2FTNYy5mTjrye5t2p%2BgDtoGVUbHrZIJ4CTXzN6FQV2i%2FUL17EO%2FBM74eKTMfjpykCtvHOVDGlQZbH1mwEKrgYsOWugHJVWDsnpNeujVJmP7xcPLibnFm1PMjX7bcP027009ebaJk4zTBTFp3QayAsq06zY9EPpQXMaa%2BB50qa%2BOxjL6xHOj4gqjRzvaq4MwsNj40QY6mAHKMym5WGswSLbMTGcBSVNtS1NN2ShHkIuFDg1iFou8hFqaBNukGAI6WIdu0TI1P5UI1%2FXMHZ0JRZm75VWV4V6yUmohXko3b3MzwgiCkFDQovmlsfcfdXU03IhUlkz9pm5zxgPH4HErtOOgSti%2BKfP1yypPIfYMmw0mDcIJ%2BDEjW0Zg5q09TGOad6halfBNlsNQn10%2BxeiTjA%3D%3D&amp;Expires=1782462979\"><\/a>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p class=\"wp-block-paragraph\"><strong>Note:<\/strong>\u00a0<em>IP addresses and domains are intentionally defanged (e.g.,\u00a0<\/em><code><em>[.]<\/em><\/code><em>) to prevent accidental resolution or hyperlinking. 
Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM<\/em>.<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/cl-sta-1062-hackers-use-tinyrct-backdoor\/\">CL-STA-1062 Hackers Use TinyRCT Backdoor to Target Southeast Asian Governments<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Tushar Subhra Dutta<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/cl-sta-1062-hackers-use-tinyrct-backdoor\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CL-STA-1062 Hackers Use TinyRCT Backdoor to Target Southeast Asian Governments A Chinese-speaking threat group known as CL-STA-1062 has been running a quiet but aggressive campaign against government agencies and critical energy infrastructure across Southeast Asia. 
The attackers, active since at least March 2022, spent much of 2025 targeting state-owned enterprises with a toolkit that blends [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,649],"tags":[130],"class_list":["post-13890","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-threats","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13890"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=13890"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13890\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=13890"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=13890"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=13890"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}