APT-C-36
Associated Group Descriptions

Name | Description
---|---
Blind Eagle | (Citation: QiAnXin APT-C-36 Feb2019)
Techniques Used

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1059.005 | Command and Scripting Interpreter: Visual Basic | APT-C-36 has embedded a VBScript within a malicious Word document that executes when the document is opened. (Citation: QiAnXin APT-C-36 Feb2019)
Enterprise | T1036.004 | Masquerading: Masquerade Task or Service | APT-C-36 has disguised its scheduled tasks as those used by Google. (Citation: QiAnXin APT-C-36 Feb2019)
Enterprise | T1588.002 | Obtain Capabilities: Tool | APT-C-36 has obtained and used a modified variant of Imminent Monitor. (Citation: QiAnXin APT-C-36 Feb2019)
Enterprise | T1566.001 | Phishing: Spearphishing Attachment | APT-C-36 has used spearphishing emails with password-protected RAR attachments to avoid detection by the email gateway. (Citation: QiAnXin APT-C-36 Feb2019)
Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | APT-C-36 has used a macro function to create scheduled tasks disguised as those used by Google. (Citation: QiAnXin APT-C-36 Feb2019)
Enterprise | T1204.002 | User Execution: Malicious File | APT-C-36 has prompted victims to enable macros in order to execute the subsequent payload. (Citation: QiAnXin APT-C-36 Feb2019)
Software

ID | Name | References | Techniques
---|---|---|---
S0434 | Imminent Monitor | (Citation: Imminent Unit42 Dec2019) (Citation: QiAnXin APT-C-36 Feb2019) | Native API, Credentials from Web Browsers, Deobfuscate/Decode Files or Information, Keylogging, File Deletion, Remote Desktop Protocol, Process Discovery, Command and Scripting Interpreter, Video Capture, Hidden Files and Directories, Resource Hijacking, Exfiltration Over C2 Channel, Audio Capture, Obfuscated Files or Information, File and Directory Discovery, Disable or Modify Tools