APT-C-55(Kimsuky)组织利用GitHub作为载荷平台的攻击活动分析 | CTF导航
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 35fbd40c-0a81-4652-8061-07f5bc2f7e21 |
| Fingerprint | dbdc5b2edffddf22 |
| Analysis status | DONE |
| Considered CTI value | -2 |
| Text language | |
| Published | Nov. 10, 2024, midnight |
| Added to db | Nov. 15, 2024, 1:52 a.m. |
| Last updated | Nov. 15, 2024, 12:36 p.m. |
| Headline | APT-C-55(Kimsuky)组织利用GitHub作为载荷平台的攻击活动分析 |
| Title | APT-C-55(Kimsuky)组织利用GitHub作为载荷平台的攻击活动分析 | CTF导航 |
| Detected Hints/Tags/Attributes | 5/0/32 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.ctfiot.com/215546.html |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 426 | ✔ | CTF导航 | https://www.ctfiot.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 291 | raw.githubusercontent.com |
|
| Details | File | 1 | 김병로교수님.docx |
|
| Details | File | 3 | db.txt |
|
| Details | File | 1 | 其中db.txt |
|
| Details | File | 1 | 以从远程的github地址下载info1.txt |
|
| Details | File | 1 | up1.txt |
|
| Details | File | 1 | 和down1.txt |
|
| Details | File | 1 | down1.txt |
|
| Details | File | 1 | 解密后的info1.txt |
|
| Details | File | 1 | 并将这些信息保存到%appdata%ahnlabavira.txt |
|
| Details | File | 1 | 解密后的up1.txt |
|
| Details | File | 1 | 主要负责将包含受害者系统信息的avira.txt |
|
| Details | File | 1 | 解密后的down1.txt |
|
| Details | File | 1 | 则负责将一段powershell命令保存到%appdata%utf8settings.ini |
|
| Details | File | 1 | powershell以隐藏窗口的方式执行保存在utf8settings.ini |
|
| Details | File | 1 | 该脚本还会清理掉powershell的历史记录文件consolehost_history.txt |
|
| Details | File | 1 | 使用文件签名验证工具来验证%appdata%ahnlabavira.txt |
|
| Details | Github username | 1 | vertigose |
|
| Details | Github username | 1 | wanpaz |
|
| Details | md5 | 1 | bdb4dedc5706a88233e4f9d96d97f04f |
|
| Details | md5 | 1 | 28EBE557693B889713AC191766C62643 |
|
| Details | md5 | 1 | 1784304e486d48ee0710fd5037859209 |
|
| Details | md5 | 1 | 5f00a81c906f72821b577873b13f79d4 |
|
| Details | Threat Actor Identifier - APT-C | 15 | APT-C-55 |
|
| Details | Url | 1 | https://raw.githubusercontent.com/vertigose/risker/main/db.txt |
|
| Details | Url | 1 | https://raw.githubusercontent.com/vertigose/risker/main/info1.txt |
|
| Details | Url | 1 | https://raw.githubusercontent.com/vertigose/risker/main/down1.txt |
|
| Details | Url | 1 | https://raw.githubusercontent.com/vertigose/risker/main |
|
| Details | Url | 1 | https://raw.githubusercontent.com/wanpaz/czech/main/db.txt |
|
| Details | Url | 1 | https://raw.githubusercontent.com/wanpaz/czech/main/info1.txt |
|
| Details | Url | 1 | https://raw.githubusercontent.com/wanpaz/czech/main/down1.txt |
|
| Details | Url | 1 | https://raw.githubusercontent.com/wanpaz/czech/main/up1.txt |