IOC Radar
TLP:WHITE9 IOCs

Operation Dragon Whistle: UNG0002 Targets Chinese Academia via Weaponized Institutional Lure

SE
Seqrite
Published May 20, 2026Original Report

Malware Families

Diamond Model

SOCIAL AXISTECHNOLOGY AXISADVERSARYunknownINFRASTRUCTURElysander.asia60.205.186.162CAPABILITYCobalt StrikeVICTIMunknown
Adversary
Infrastructure(2)
Capability(1)
Victim

5W+H Threat Analysis

Analysis unavailable

Indicators of Compromise

Indicators of Compromise9

TypeIndicatorConfidenceScoreFirst Seen
SHA25635a478f53f64bd412f374c65360fdba0518749537193669a8fe08d14bed65a2a
c2file-hashintel-blog
Medium
53
Jun 2, 26
SHA256e7aff6a55a7866776272d9913dfbf9d7db33fc9de6aced22f2a195feebb0e85f
file-hashintel-blogmalware
Medium
53
Jun 2, 26
Domainlysander.asia
intel-blogmalwarenetwork
High
58
Jun 2, 26
SHA256eb14d9e35a3bf0a933297f861bee0be9e6b9061fe4573a81ac92b71d55b6474f
file-hashintel-blogmalware
Medium
53
Jun 2, 26
IP60.205.186.162
intel-blogmalwarenetwork
High
58
Jun 2, 26
SHA256fe11b199ada23d5ac25efc4215e67f4ff617ccb4d429eb64412072687367ca1c
file-hashintel-blogmalware
Medium
53
Jun 2, 26
SHA256ed7087e3afba4b320bdf04f32d3a6c567effd3d18a97682968e567000e70b335
c2file-hashintel-blog
Medium
53
Jun 2, 26
SHA256c937eca7c4c9b98df9257d986e666d25411aac5fa39d21f7018dd2e1663f0c76
c2file-hashintel-blog
Medium
53
Jun 2, 26
SHA256cd99e83d241cfbb41bfcd0bc622a87d16268e710ca7d736d0c5f44774e0056e2
file-hashintel-blogmalware
Medium
53
Jun 2, 26

IOC Relationship Graph

IOC Relationship Graph9 total IOCs
SHA256DomainIP
SHA2567Domain1IP1Malware1REPORTOperation Dragon Whistle: Cobalt Strike
scroll to zoom · drag to pan · click IOC to open