Analysis of the APT-C-55 (Kimsuky) Group's Attack Activity Delivering an Open-Source RAT in the RandomQuery Campaign

2024-06-12 Qihoo360 Cyber threat report on APT-C-55, RandomQuery, XenoRAT

https://mp.weixin.qq.com/s?__biz=MzUyMjk4NzExMA==&mid=2247498735&idx=1&sn=a0f713dddc2c2c69beca6137980dd27e

APT-C-55, also known as Kimsuky, Mystery Baby, Baby Coin, Smoke Screen, BabyShark, and Cobra Venom, used the RandomQuery campaign to deliver open-source RAT components. The report describes malicious HTML email attachments that release LNK files and decoy documents, targeting think tanks, diplomatic government departments, media, and academic institutions for intelligence theft.

Indicators of Compromise

