Beyond appearances: unknown actor using APT29’s TTP against Chinese users
Tags
| country: | Russia |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Phishing - T1660 Phishing - T1566 Software - T1592.002 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 8f6db7ac-33b3-4d5c-8c3e-5a0f6e1392d8 |
| Fingerprint | a2a09a3924f70f31 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | July 7, 2023, 1:31 p.m. |
| Added to db | Oct. 23, 2023, 12:57 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Beyond appearances: unknown actor using APT29’s TTP against Chinese users |
| Title | Beyond appearances: unknown actor using APT29’s TTP against Chinese users |
| Detected Hints/Tags/Attributes | 37/3/28 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 148 | ✔ | lab52 | https://lab52.io/blog/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | info.gtjas.site |
|
| Details | File | 1 | 孙继超-北京大学-硕士.pdf |
|
| Details | File | 2 | aaa.bat |
|
| Details | File | 22 | %windir%\system32\cmd.exe |
|
| Details | File | 1 | wda.tmp |
|
| Details | File | 1 | mbp.tmp |
|
| Details | File | 9 | officeupdate.exe |
|
| Details | File | 8 | appvisvsubsystems64.dll |
|
| Details | File | 323 | winword.exe |
|
| Details | File | 1 | offceupdate.exe |
|
| Details | File | 1 | 2023年体检项目.exe |
|
| Details | File | 218 | min.js |
|
| Details | File | 1 | 北京市交通委年终总结报告-模版1.pdf |
|
| Details | sha256 | 1 | d5a8b6635240cc190bc869a2a41bc437a48bfbfcce0d218b879d9768d85d1d6f |
|
| Details | sha256 | 1 | f1f6bb1bdf41217d26ec33e00e1e52fbc479e636b5d43671736905210fc4d734 |
|
| Details | sha256 | 1 | a5a0bee3304c77bdb5b6dcc4edafbfc941cdc0b5153e3d82e2689150e83b1329 |
|
| Details | sha256 | 1 | 6b13519a3aea8747400932191048d5dab7daccb3fd45a3f5e0ffd34c32aed35d |
|
| Details | sha256 | 1 | d465f6da893f2f76cdfb7089c3b9292d09a201e7d0faefb0f88a8b8ba5fd3fba |
|
| Details | sha256 | 1 | dd657a7a3688d039f0a208f39b1128ec447689ee664c6695d5c7e384dcdc1014 |
|
| Details | sha256 | 1 | e15ee2e8ed2c3f37c1b47bf67e81aa2e89b0ce7b3159918a32da2e30420e6819 |
|
| Details | sha256 | 1 | fc6847a8b62af02c2d1eff1d77f7d8b90cbd34654aff38c671d86194d351cd6e |
|
| Details | sha256 | 1 | 4c750b8471bfec0ed2dcf1a856163601fc140eb892710b8415d505a9088bd7f3 |
|
| Details | sha256 | 1 | f7cc627464981b8918347487bdc73c2026b645fd31a1fbab4d5fcc03cbe88901 |
|
| Details | sha256 | 1 | 256357877ae60db9ad247aef686aa3aaecb7de0fdb84ed35ea91b28be9725e36 |
|
| Details | sha256 | 1 | 7ee465b6132819063b741d7f60246a539a1624e0667098bb162e22de0d06cf2e |
|
| Details | IPv4 | 1 | 123.60.168.69 |
|
| Details | Threat Actor Identifier - APT | 665 | APT29 |
|
| Details | Url | 1 | http://123.60.168.69:443/jquery-3.3.2.slim.min.js |