Advisory | Adversary Intelligence
Name | APT38
Origin | North Korea
Target | Financial Sectors - Banks
Targeted Countries | Russia, Poland, Uruguay, US, Mexico, Chile, Brazil, Turkey, India, Bangladesh, Malaysia, Taiwan, Vietnam, Philippines
Tactic | Technique ID | Technique
Initial Access | T1189 | Drive-by Compromise
Execution | T1059.003 | Windows Command Shell
Defense Evasion | T1070.001 | Clear Windows Event Logs
Defense Evasion | T1070.004 | File Deletion
Defense Evasion | T1112 | Modify Registry
Defense Evasion | T1027.002 | Software Packing
Credential Access | T1056.001 | Keylogging
Discovery | T1057 | Process Discovery
Discovery | T1016 | System Network Configuration Discovery
Collection | T1115 | Clipboard Data
Collection | T1056.001 | Keylogging
Command and Control | T1071.001 | Web Protocols
Command and Control | T1105 | Ingress Tool Transfer
Impact | T1485 | Data Destruction
Impact | T1486 | Data Encrypted for Impact
Impact | T1565.001 | Stored Data Manipulation
Impact | T1565.002 | Transmitted Data Manipulation
Impact | T1565.003 | Runtime Data Manipulation
Impact | T1561.002 | Disk Structure Wipe
Impact | T1529 | System Shutdown/Reboot
BLINDTOAD | BOOTWRECK | CHEESETRAY |
CLEANTOAD | CLOSESHAVE | DarkComet |
DYEPACK | DYEPACK.FOX | HERMES |
HOTWAX | JspSpy | KEYLIME |
MAPMAKER | NACHOCHEESE | NESTEGG |
QUICKCAFE | QUICKRIDE | QUICKRIDE.POWER |
RATANKBAPOS | RAWHIDE | REDSHAWL |
SCRUBBRUSH | SHADYCAT | SLIMDOWN |
SMOOTHRIDE | SORRYBRUTE | WHITEOUT |
WORMHOLE | Mimikatz | Net |
Indicator Type | Indicator
IPv4 | 67.43.239.146
IPv4 | 185.62.58.207
IPv4 | 210.52.109.255
IPv4 | 210.52.109.22
IPv4 | 175.45.179.255
IPv4 | 175.45.178.222
URL | http://loneeaglerecords.com/wp-content/uploads/2020/01/images.tgz.001
URL | https://loneeaglerecords.com/wp-content/uploads/2020/01/images.tgz.001
Domain | loneeaglerecords.com
Hostname |
File Hash |
CVE | CVE-2017-0144
CVE | CVE-2016-1019
CVE | CVE-2016-4119
CVE | CVE-2015-8651