IOC Radar
TLP:WHITE · 4 IOCs

VELETRIX Loader Dissection: Kill Chain Analysis of China-Nexus Telecommunications Infrastructure Targeting

0x0d4y Malware Research
Published July 2, 2025 · Original Report

Malware Families

Diamond Model

Adversary: unknown
Infrastructure: unknown
Capability (2): Cobalt Strike, Metasploit
Victim: unknown

Attack Flow: 7 steps · MITRE ATT&CK mapped

Step 1/7: Initial Access · TA0001 · T1566.001
Spearphishing Attachment
Action: Deliver malicious attachment
Threat actors use spearphishing to deliver a ZIP file containing malicious binaries disguised as internal training software.


Indicators of Compromise


Type | Indicator (tags) | Confidence | Score | First Seen
SHA256 | 27c04c7d2d6dbbb80247adae62e76dfa43c39c447f51205e276b064555a6eb84 (file-hash, intel-blog, loader) | Medium | 53 | Jun 2, 26
SHA256 | c9dc947b793d13c3b66c34de9e3a791d96e34639c5de1e968fb95ea46bd52c23 (file-hash, intel-blog, malware) | Medium | 53 | Jun 2, 26
SHA256 | fef69f8747c368979a9e4c62f4648ea233314b5f41981d9c01c1cdd96fb07365 (file-hash, intel-blog, malware) | Medium | 53 | Jun 2, 26
SHA256 | a15f30f20e3df05032445697c906c3a2accf576ecef5da7fad3730ca5f9c141c (file-hash, intel-blog, malware) | Medium | 53 | Jun 2, 26

IOC Relationship Graph

[Graph: report "VELETRIX Loader Dissection" linked to 4 SHA256 IOCs and 2 malware nodes (Cobalt Strike, Metasploit)]