Report on APT Attacks by BlackTech
Common Information
Type Value
UUID d841a373-c0fa-4be3-a462-0f9458171543
Fingerprint a7e5fd33506478b10415802de9bab752e6c7409cf3ef136b1fc5600e6877ccdd
Analysis status DONE
Considered CTI value 0
Text language
Published Sept. 22, 2022, 4:03 p.m.
Added to db May 24, 2024, 5:21 p.m.
Last updated Aug. 31, 2024, 8:31 a.m.
Headline Report on APT Attacks by BlackTech
Title Report on APT Attacks by BlackTech
Detected Hints/Tags/Attributes 114/4/64
Attributes
Type                   #Events  Value
Domain                 46       jsac.jpcert.or.jp
Domain                 71       blogs.jpcert.or.jp
Domain                 20       www.seqrite.com
Domain                 434      medium.com
Domain                 41       www.freebuf.com
Domain                 17       vblocalhost.com
Domain                 20       insight-jp.nttsecurity.com
Domain                 4127     github.com
Domain                 3        volatility-labs.blogspot.com
Domain                 15       www.macnica.co.jp
Domain                 18       teamt5.org
Domain                 2        report.threatbook.cn
File                   816      index.html
File                   31       tmp.exe
File                   12       splwow64.exe
File                   2        encrypted.bin
File                   5        decrypted.bin
File                   24       c:\windows\system32\calc.exe
File                   2        c:\users\public\downloads\schmet.exe
File                   2        c:\programdata\schost.exe
File                   2        wb.dll
File                   49       onedrive.exe
File                   1        filesyncflwb.dll
File                   2        c:\users\public\downloads\mpetect.exe
File                   1        mpetect.exe
File                   4        jsac2022_8_hara_en.pdf
File                   6        gh0sttimes.html
File                   2        303176.html
File                   4        vb2021-50.pdf
File                   1        tscookie-loader.html
File                   2        malware-tscooki-7aa0.html
File                   3        elf-tscookie.html
File                   2        ivys.html
File                   2        ss_ta_report_2019_4.pdf
File                   2        elf-plead.html
File                   2        bl.pdf
Github username        4        abhisek
Github username        3        sweetsoftware
IPv4                   3        3.6.1.1
IPv4                   8        3.6.1.2
IPv4                   3        3.6.1.3
IPv4                   6        3.6.1.4
IPv4                   2        3.6.1.5
IPv4                   3        3.6.2.1
IPv4                   3        3.6.2.2
Url                    4        https://jsac.jpcert.or.jp/archive/2022/pdf/jsac2022_8_hara_en.pdf
Url                    2        https://blogs.jpcert.or.jp/en/2021/10/gh0sttimes.html
Url                    4        https://www.seqrite.com/blog/4898-2
Url                    2        https://medium.com/deep-learning-for-
Url                    2        https://www.freebuf.com/articles/system/303176.html
Url                    4        https://vblocalhost.com/uploads/vb2021-50.pdf
Url                    1        https://insight-jp.nttsecurity.com/post/102hf3q/flagpro-the-new-malware-
Url                    2        https://github.com/abhisek/pe-
Url                    2        https://github.com/sweetsoftware/ares
Url                    1        https://blogs.jpcert.or.jp/en/2019/09/tscookie-loader.html
Url                    2        https://blogs.jpcert.or.jp/en/2018/03/malware-tscooki-7aa0.html
Url                    3        https://blogs.jpcert.or.jp/en/2020/03/elf-tscookie.html
Url                    2        https://volatility-labs.blogspot.com/2012/10/reverse-engineering-poison-
Url                    2        https://www.macnica.co.jp/business/security/manufacturers/files/mpressionc
Url                    2        https://teamt5.org/tw/posts/technical-analysis-on-backdoor-bifrost-of-the-
Url                    2        https://blogs.jpcert.or.jp/en/2020/11/elf-plead.html
Url                    2        http://report.threatbook.cn/bl.pdf
Windows Registry Key   112      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Registry Key   9        HKCU\Environment\UserInitMprLogonScript