Attack Exploiting Legitimate Service by APT-C-60 - JPCERT/CC Eyes
Tags
| country: | China Japan South Korea |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Exploits - T1587.004 Exploits - T1588.005 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | d7b1e066-2756-4ff4-865b-d1e07ec22b33 |
| Fingerprint | 34841491ab730209 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Dec. 11, 2024, midnight |
| Added to db | Dec. 11, 2024, 8:08 a.m. |
| Last updated | Dec. 17, 2024, 10:59 a.m. |
| Headline | JPCERT/CC Eyes |
| Title | Attack Exploiting Legitimate Service by APT-C-60 - JPCERT/CC Eyes |
| Detected Hints/Tags/Attributes | 40/3/60 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blogs.jpcert.or.jp/en/2024/12/APT-C-60.html |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 62 | ✔ | JPCERT/CCブログ 英語版 | https://blogs.jpcert.or.jp/en/atom.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 5 | api.ipfy.org |
|
| Details | Domain | 4 | threatbook.io |
|
| Details | Domain | 227 | mp.weixin.qq.com |
|
| Details | Domain | 20 | statcounter.com |
|
| Details | Domain | 92 | bitbucket.org |
|
| Details | File | 4 | ipml.txt |
|
| Details | File | 14 | git.exe |
|
| Details | File | 9 | securebootuefi.dat |
|
| Details | File | 5 | service.dat |
|
| Details | File | 2 | %userprofile%\appdata\local\microsoft\windows\shell\service.dat |
|
| Details | File | 5 | cbmp.txt |
|
| Details | File | 5 | icon.txt |
|
| Details | File | 5 | cn.dat |
|
| Details | File | 5 | sp.dat |
|
| Details | File | 3 | command.asp |
|
| Details | File | 6 | update.asp |
|
| Details | File | 4 | result.asp |
|
| Details | File | 2 | server.asp |
|
| Details | File | 2 | listen.asp |
|
| Details | File | 3 | rapd.txt |
|
| Details | md5 | 4 | a78550e6101938c7f5e8bfb170db4db2 |
|
| Details | sha1 | 4 | 8ebddd79bb7ef1b9fcbc1651193b002bfef598fd |
|
| Details | sha1 | 4 | fd6c16a31f96e0fd65db5360a8b5c179a32e3b8e |
|
| Details | sha1 | 4 | 4508d0254431df5a59692d7427537df8a424dbba |
|
| Details | sha1 | 4 | 7e8aeba19d804b8f2e7bffa7c6e4916cf3dbee62 |
|
| Details | sha1 | 4 | c198971f84a74e972142c6203761b81f8f854d2c |
|
| Details | sha1 | 4 | 6cf281fc9795d5e94054cfe222994209779d0ba6 |
|
| Details | sha1 | 4 | cc9cd337b28752b8ba1f41f773a3eac1876d8233 |
|
| Details | sha1 | 4 | 5ed4d42d0dcc929b7f1d29484b713b3b2dee88e3 |
|
| Details | sha1 | 4 | 8abd64e0c4515d27fae4de74841e66cfc4371575 |
|
| Details | sha1 | 4 | 3affa67bc7789fd349f8a6c9e28fa1f0c453651f |
|
| Details | sha1 | 5 | fadd8a6c816bebe3924e0b4542549f55c5283db8 |
|
| Details | sha1 | 4 | 4589b97225ba3e4a4f382540318fa8ce724132d5 |
|
| Details | sha1 | 4 | 1e5920a6b79a93b1fa8daca32e13d1872da208ee |
|
| Details | sha1 | 4 | 783cd767b496577038edbe926d008166ebe1ba8c |
|
| Details | sha1 | 4 | 79e41b93b540f6747d0d2c3a22fd45ab0eac09ab |
|
| Details | sha1 | 4 | 65300576ba66f199fca182c7002cb6701106f91c |
|
| Details | sha1 | 4 | d94448afd4841981b1b49ecf63db3b63cb208853 |
|
| Details | sha1 | 4 | b1e0abfdaa655cf29b44d5848fab253c43d5350a |
|
| Details | sha1 | 4 | 33dba9c156f6ceda40aefa059dea6ef19a767ab2 |
|
| Details | sha1 | 5 | 5d3160f01920a6b11e3a23baec1ed9c6d8d37a68 |
|
| Details | sha1 | 4 | 0830ef2fe7813ccf6821cad71a22e4384b4d02b4 |
|
| Details | IPv4 | 6 | 103.187.26.176 |
|
| Details | IPv4 | 4 | 103.6.244.46 |
|
| Details | Threat Actor Identifier - APT-C | 46 | APT-C-60 |
|
| Details | Url | 2 | https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-spy-group-exploits-wps-office-zero-day-analysis-uncovers-a-second-vulnerability |
|
| Details | Url | 2 | https://threatbook.io/blog/analysis-of-apt-c-60-attack-on-south-korea |
|
| Details | Url | 3 | https://mp.weixin.qq.com/s/qsgzog-0rzfxen4hfj9rlw |
|
| Details | Url | 3 | http://103.187.26.176/a78550e6101938c7f5e8bfb170db4db2/command.asp |
|
| Details | Url | 3 | http://103.187.26.176/a78550e6101938c7f5e8bfb170db4db2/update.asp |
|
| Details | Url | 3 | http://103.187.26.176/a78550e6101938c7f5e8bfb170db4db2/result.asp |
|
| Details | Url | 3 | http://103.187.26.176/a78550e6101938c7f5e8bfb170db4db2/server.asp |
|
| Details | Url | 3 | http://103.187.26.176/a78550e6101938c7f5e8bfb170db4db2/listen.asp |
|
| Details | Url | 4 | https://c.statcounter.com/12959680/0/f1596509/1 |
|
| Details | Url | 5 | https://c.statcounter.com/13025547/0/0a557459/1 |
|
| Details | Url | 5 | https://bitbucket.org/hawnbzsd/hawnbzsd/downloads |
|
| Details | Url | 5 | https://bitbucket.org/hawnbzsd/hawnbzsd31/downloads |
|
| Details | Url | 4 | https://bitbucket.org/ffg84883/3r23ruytgfdxz/raw/8ebddd79bb7ef1b9fcbc1651193b002bfef598fd/cbmp.txt |
|
| Details | Url | 4 | https://bitbucket.org/ffg84883/3r23ruytgfdxz/raw/8ebddd79bb7ef1b9fcbc1651193b002bfef598fd/icon.txt |
|
| Details | Url | 4 | https://bitbucket.org/ffg84883/3r23ruytgfdxz/raw/8ebddd79bb7ef1b9fcbc1651193b002bfef598fd/rapd.txt |