A rising force in Southeast Asia: analysis of the new APT group Saaiwc Group's attack campaigns against military, finance and other departments in Southeast Asia
Tags
attack-pattern: Model Software - T1592.002
Common Information
Type Value
UUID b79051c4-0e75-42e7-b786-0698d64776a7
Fingerprint dfbfdcc4399ea1f8
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 25, 2022, midnight
Added to db June 1, 2023, 10:48 a.m.
Last updated Nov. 15, 2024, 1:37 p.m.
Headline A rising force in Southeast Asia: analysis of the new APT group Saaiwc Group's attack campaigns against military, finance and other departments in Southeast Asia
Title A rising force in Southeast Asia: analysis of the new APT group Saaiwc Group's attack campaigns against military, finance and other departments in Southeast Asia
Detected Hints/Tags/Attributes 11/1/27
Attributes
Details Type #Events CTI Value
Details CVE 269
cve-2017-0199
Details Domain 291
raw.githubusercontent.com
Details Domain 7
ti.dbappsecurity.com.cn
Details File 2
22.pdf
Details File 1
202220221003_18510684.pdf
Details File 1
mef_password_policy_v001.iso
Details File 1
Attempts to extract xxx.zip from the %temp% directory
Details File 5
xxx.gif
Details File 1
Creates the bat file system.bat
Details File 22
dism.exe
Details File 1
Used to launch xxx.gif
Details File 1
The dism.exe contained inside it
Details File 1
Creates an lnk file used to launch system.bat
Details File 1
ip.reg
Details File 1
After the malicious file is launched, it uses DLL hijacking to load dismcore.dll from the same directory
Details File 1
Then decrypts dism.sys in the same directory
Details File 1
application-form-yseali-academic-fellowship.iso
Details File 7
ti.db
Details Github username 3
efimovah
Details md5 2
edcd5ff1c2af9451405d430052c60660
Details md5 2
a6e085c099d681a71b937631a5e88c06
Details md5 2
c6abce3f12c14b7804a2532a3f5199b7
Details md5 2
f02a96b84231da7626399ff1ca6fb33f
Details Threat Actor Identifier - APT-LY 2
APT-LY-1005
Details Url 3
https://raw.githubusercontent.com/efimovah/abcd/main/xxx.gif
Details Url 1
https://github.com/efimovah/abcd
Details Url 2
https://ti.dbappsecurity.com.cn/sandbox