Operation RestyLink: APT campaign targeting Japanese companies (via Passle)
Common Information
Type Value
UUID c81979c1-ff30-4c76-81a8-94542d5fb7d5
Fingerprint 67e898933ee790ed
Analysis status DONE
Considered CTI value 1
Text language
Published May 13, 2022, midnight
Added to db Sept. 11, 2022, 12:35 p.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Operation RestyLink: APT campaign targeting Japanese companies
Title Operation RestyLink: APT campaign targeting Japanese companies (via Passle)
Detected Hints/Tags/Attributes 67/3/51
Attributes
Details Type #Events CTI Value
Details Threat Actor Identifier - APT 665
APT29