Analysis of the APT-C-55 (Kimsuky) attack campaign using IBM security products as bait

2022-11-29 Qihoo360 APT-C-55 (Kimsuky) attack campaign using IBM security products as bait

https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247491295&idx=1&sn=1811591c7c2baca6096e66b7fef1f89f&


360 Threat Intelligence Center attributes this campaign to APT-C-55, also known as Kimsuky. The lure was IBM Security Trusteer Rapport, used to deliver BabyShark-related components. The malicious ISO image contained a BAT script alongside a legitimate-looking installer; running it installed the decoy product while the script reached out to compromised infrastructure to download backdoor code and collect host information.

Indicators of Compromise

Hash values are MD5 digests (32 hex characters). URLs ending in "…" are truncated on the page; match them as prefixes rather than exact strings.

Type    Value                              First seen  Last seen
DOMAIN  dusieme.com                        2022-05-05  2024-05-10
HASH    eab98db8071e5ac1832b6634da13ed64   2022-11-29  2022-11-29
HASH    05c7f9928b6b18cefb68fa2fe59035d3   2022-11-29  2022-11-29
HASH    127f459bcefb9f614f03876604928824   2022-11-29  2022-11-29
HASH    088bbf9fdc9445b44a0ee630d30908c7   2022-11-29  2022-11-29
HASH    a0f744f700e1b81d34c3c8b90dd61dc0   2022-11-29  2022-11-29
HASH    7d412ca2addde4493799013cfe072bd6   2022-11-29  2022-11-29
HASH    55817d3a19bdc98f6466a4f3ac637e12   2022-11-29  2022-11-29
HASH    7753f37dfbc44815282433f16b56c0ce   2022-11-29  2022-11-29
HASH    0b8a41ec2711e335559ece59d01d1d37   2022-11-29  2022-11-29
HASH    4a838b5b8884eaf536e497cfc2a211bf   2022-11-29  2022-11-29
HASH    083fa7ca0ce4184bc832cf8436a1e201   2022-11-29  2022-11-29
HASH    057602b3875bac739aec46900d9654e6   2022-11-29  2022-11-29
HASH    39a328054149bdc08f67bb58751bea2b   2022-11-29  2022-11-29
HASH    4dc1943c6abe3a111a9a35317c3feae0   2022-11-29  2022-11-29
HASH    c5bdafd9962673a5bc700c273af4a210   2022-11-29  2022-11-29
HASH    d3d2265f42ecd36b345bc691c2e20fdd   2022-11-29  2022-11-29
HASH    6956eb082dd4ae26f8d40c1e16aa7927   2022-11-29  2022-11-29
HASH    59ae38308c5eccd90b95677808a8ac92   2022-11-29  2022-11-29
HASH    848a01cb6f704012af3bf8d56a29a945   2022-11-29  2022-11-29
HASH    36264cdc129490be44fbe65bf1c7e813   2022-11-29  2022-11-29
HASH    b49f143f19de6b8c5793c3629272fdbd   2022-11-29  2022-11-29
HASH    1a1f9683c8a2d32c007eb8306463ed5d   2022-11-29  2022-11-29
HASH    ab22a6c2a931096958fef73451546a1b   2022-11-29  2022-11-29
HASH    7ebca576152abb0eadb06f7fcc761c7d   2022-11-29  2022-11-29
HASH    8ea234d3f714ea83997437fd8bc03c0c   2022-11-29  2022-11-29
HASH    42931f400211f519ccede867e1d7713c   2022-11-29  2022-11-29
URL     https://dusieme.com/js/cic0117/…   2022-11-29  2022-11-29
URL     https://dusieme.com/panda/d.php…   2022-11-29  2022-11-29
URL     https://rapportdown.lol/rapport…   2022-11-29  2022-11-29
URL     https://dusieme.com/hwp/d.php?n…   2022-11-29  2022-11-29
URL     https://rapportdown.lol/rapport…   2022-11-29  2022-11-29
URL     https://dusieme.com/hwp/d.php?n…   2022-11-29  2022-11-29
URL     https://dusieme.com/hwp/d.php?n…   2022-11-29  2022-11-29
URL     http://rapportdown.lol/rapport/…   2022-11-29  2022-11-29
URL     https://dusieme.com/hwp/d.php?n…   2022-11-29  2022-11-29
URL     https://rapportdown.lol/rapport…   2022-11-29  2022-11-29
URL     https://rapportdown.lol/rapport…   2022-11-29  2022-11-29
URL     http://rapportdown.lol/rapport/…   2022-11-29  2022-11-29
URL     http://rapportdown.lol/rapport/…   2022-11-29  2022-11-29
URL     http://rapportdown.lol/rapport/…   2022-11-29  2022-11-29
DOMAIN  rapportdown.lol                    2022-11-29  2022-11-29
HASH    fa935505e2a9a7de6380ab9447d07d2c   2021-07-26  2022-11-29
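A practitioner-side sweep of the IOCs above against host and network telemetry, added here as an example (this is not code from the 360 report or from Qihoo360). It parses the table rows, normalizes hash case, treats the page's truncated URLs as prefixes and subdomains of a listed domain as matches, then runs over constructed DNS/proxy log lines and a constructed EDR hash export. The log format and the sample lines are assumptions made for the demonstration; the IOC values are the ones listed on the page.

```python
"""Sweep constructed telemetry for the IOCs listed on this page.

Added example, not code from the 360 report. IOC values are the ones on
the page; the log lines and the EDR hash export are constructed here.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Representative rows from the page's IOC table. URLs that the page shows
# truncated ("…") stay truncated and are matched as prefixes.
IOC_TABLE = """\
DOMAIN dusieme.com
DOMAIN rapportdown.lol
HASH eab98db8071e5ac1832b6634da13ed64
HASH fa935505e2a9a7de6380ab9447d07d2c
URL https://dusieme.com/js/cic0117/…
URL https://dusieme.com/panda/d.php…
URL https://dusieme.com/hwp/d.php?n…
URL http://rapportdown.lol/rapport/…
"""

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def parse_iocs(text):
    """Parse 'TYPE value' lines into (domains, md5s, url_prefixes) sets."""
    domains, md5s, url_prefixes = set(), set(), set()
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        kind, value = parts[0].upper(), parts[1].strip()
        if kind == "DOMAIN":
            domains.add(value.lower().rstrip("."))
        elif kind == "HASH":
            value = value.lower()
            if MD5_RE.match(value):  # every hash on the page is 32 hex chars
                md5s.add(value)
        elif kind == "URL":
            prefix = value.lower().rstrip("….")  # strip the page's ellipsis
            url_prefixes.add(prefix)
            host = urlsplit(prefix).hostname
            if host:
                domains.add(host)  # a C2 URL implies its host is an IOC too
    return domains, md5s, url_prefixes


def domain_matches(host, domains):
    """True on an exact match or any subdomain (cdn.rapportdown.lol hits rapportdown.lol)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_log(lines, iocs):
    """Return [(line_number, matched_token)] for lines touching an IOC.

    Constructed format: '<timestamp> <client> <verb> <target>', where target
    is a bare hostname (DNS) or a full URL (proxy). First matching token wins.
    """
    domains, _, url_prefixes = iocs
    hits = []
    for n, line in enumerate(lines, 1):
        for token in line.split():
            t = token.lower()
            if t.startswith(("http://", "https://")):
                host = urlsplit(t).hostname or ""
                if domain_matches(host, domains) or any(t.startswith(p) for p in url_prefixes):
                    hits.append((n, token))
                    break
            elif "." in t and domain_matches(t, domains):
                hits.append((n, token))
                break
    return hits


def check_hashes(observed, iocs):
    """Return the sorted subset of observed MD5 strings (any case) that are on the IOC list."""
    _, md5s, _ = iocs
    return sorted({h.lower() for h in observed} & md5s)


def md5_hex(data):
    """MD5 of a byte string, for hashing a dropped file before calling check_hashes."""
    return hashlib.md5(data).hexdigest()


# Constructed telemetry: a DNS lookup, a proxy fetch under a truncated URL,
# a benign line, a subdomain lookup, and an EDR export with one report hash
# in upper case next to an unrelated hash.
SAMPLE_LOG = [
    "2022-11-29T09:14:02Z 10.0.0.21 query dusieme.com",
    "2022-11-29T09:14:03Z 10.0.0.21 GET https://dusieme.com/hwp/d.php?n=3",
    "2022-11-29T09:15:10Z 10.0.0.21 GET https://www.ibm.com/security/trusteer",
    "2022-11-29T09:16:44Z 10.0.0.21 query cdn.rapportdown.lol",
]
SAMPLE_EDR_HASHES = ["EAB98DB8071E5AC1832B6634DA13ED64", "d41d8cd98f00b204e9800998ecf8427e"]

if __name__ == "__main__":
    iocs = parse_iocs(IOC_TABLE)
    for n, tok in scan_log(SAMPLE_LOG, iocs):
        print(f"line {n}: {tok}")
    print("hash hits:", check_hashes(SAMPLE_EDR_HASHES, iocs))
```

Feed `scan_log` a real DNS or proxy export split into lines and `check_hashes` an EDR hash export; for files recovered from a host, hash them with `md5_hex` first. Prefix matching on the truncated URLs is deliberately loose, so confirm any prefix-only hit against the full URL before acting on it.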
