The Silent Game: Sophisticated Threat Actors Targeting Gambling Industry
Common Information
Type Value
UUID c73c3bd1-0ecb-4465-af0b-a8f9871110bb
Fingerprint b5a0991908258581
Analysis status DONE
Considered CTI value 2
Text language
Published Oct. 21, 2024, 1 p.m.
Added to db Oct. 21, 2024, 3:15 p.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline The Silent Game: Sophisticated Threat Actors Targeting Gambling Industry
Title The Silent Game: Sophisticated Threat Actors Targeting Gambling Industry
Detected Hints/Tags/Attributes 113/4/18
RSS Feed
Id   Enabled   Feed title      Url                                          Added to db
371            Security Joes   https://www.securityjoes.com/blog-feed.xml   2024-08-30 22:08
Attributes
Type                             #Events   Value
Domain                                12   securityjoes.com
Domain                              4127   github.com
Domain                                 5   time.qnapntp.com
Email                                 12   response@securityjoes.com
File                                 240   wmic.exe
File                                  10   tsvipsrv.dll
File                                 748   kernel32.dll
File                                 306   services.exe
File                                1122   svchost.exe
File                                1018   rundll32.exe
File                                   5   texttable.xsl
sha256                                 1   3df75113ff7a9c2158ff991e1f4e1c2dcc5bd19f41caa07f1dc0aabc4f872bed
IPv4                                   1   192.169.7.135
IPv4                                   2   23.163.0.12
Threat Actor Identifier - APT        522   APT41
Url                                    1   https://github.com/search?o=desc&q=pointers&s=joined&type=users&
Windows Registry Key                   8   HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows
Yara rule                              1   apt_41_phantom_implant (rule text follows)
rule apt_41_phantom_implant {
	meta:
		author = "Felipe Duarte, Security Joes"
		description = "Detects APT 41 Phantom Implant"
		sha256_reference = "3df75113ff7a9c2158ff991e1f4e1c2dcc5bd19f41caa07f1dc0aabc4f872bed"
	strings:
		$str1 = { 8B C8 69 DB ?? ?? ?? ?? 8A C3 C1 EB 08 41 30 03 49 FF C3 48 FF C9 }
	condition:
		$str1
}