ioc[.]one - OSINT Cyber Threat Intelligence Database

The Evolution of APT15's Codebase 2020 - Intezer

Tags

country:	China
attack-pattern:	Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Connection Proxy - T1090 Powershell - T1086

Show in Graph

Common Information

Type	Value
UUID	f9d95fb0-7bcb-4847-aeb7-b3f36ec5f7c4
Fingerprint	16f49d13d1d88293
Analysis status	DONE
Considered CTI value	2
Text language
Published	May 21, 2020, 3:18 p.m.
Added to db	Sept. 26, 2022, 9:30 a.m.
Last updated	Nov. 18, 2024, 1:38 a.m.
Headline	The Evolution of APT15’s Codebase 2020
Title	The Evolution of APT15's Codebase 2020 - Intezer
Detected Hints/Tags/Attributes	52/2/11

Source URLs

	Redirection	Url
Details	Source	https://www.intezer.com/blog/research/the-evolution-of-apt15s-codebase-2020/

URL Provider

Details	Provider	Source level domain
Details	intezer.com	www.intezer.com

Attributes

Details	Type	#Events	CTI	Value
Details	Domain	1		menu.thehuguardian.com
Details	Domain	1		www.thehuguardian.com
Details	Domain	1		thehuguardian.com
Details	File	1		ravaudio64.exe
Details	File	2127		cmd.exe
Details	sha256	1		271384a078f2a2f58e14d7703febae8a28c6e2d7ddb00a3c8d3eead4ea87a0c0
Details	sha256	1		aacaf0d4729dd6fda2e452be763d209f92d107ecf24d8a341947c545de9b7311
Details	sha256	2		a142625512e5372a1728595be19dbee23eea50524b4827cb64ed5aaeaaa0270b
Details	IPv4	1		45.56.84.25
Details	Threat Actor Identifier - APT	85		APT15
Details	Windows Registry Key	11		HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell