Cyber Espionage APT group using Hacking Team’s 0-day Exploit
Common Information
| Type | Value |
|---|---|
| UUID | 14227990-6b1e-44fb-8fe2-5da904093f08 |
| Fingerprint | 1d701c68a03b3e07 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Aug. 14, 2015, midnight |
| Added to db | Jan. 19, 2023, 12:03 a.m. |
| Last updated | Nov. 17, 2024, 10:40 p.m. |
| Headline | Chinese Cyber Espionage APT Group Leveraging Recently Leaked Hacking Team Exploits To Target A Financial Services Firm |
| Title | Cyber Espionage APT group using Hacking Team’s 0-day Exploit |
| Detected Hints/Tags/Attributes | 49/2/12 |
Attributes
| Type | #Events | CTI Value | Attribute |
|---|---|---|---|
| CVE | 59 | | cve-2015-5119 |
| Domain | 36 | | domaintools.com |
| Domain | 2 | | update.hancominc.com |
| File | 1122 | | svchost.exe |
| File | 1 | | xox.exe |
| File | 2 | | vpdn_lu.exe |
| File | 1 | | navlu.dll |
| File | 1 | | %appdata%\vpdn\vpdn_lu.exe |
| File | 1 | | %appdata%\vpdn\navlu.dll |
| File | 2126 | | cmd.exe |
| IPv4 | 1 | | 210.209.89.162 |
| Windows Registry Key | 7 | | HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run |