Operation ControlPlug: Targeted Attack Campaign Using MSC Files
2024-06-05 • NTTSecurity
Operation ControlPlug describes DarkPeony activity using MSC files as an initial attack vector against possible military and government targets in Myanmar, the Philippines, Mongolia, and Serbia. The report explains that opening the MSC file and clicking its embedded link runs PowerShell, downloads an MSI package, and executes a side-loaded payload chain involving EXE, DLL, and DAT files.
Indicators of Compromise