APT-C-36
Associated Group Descriptions

Name | Description |
---|---|
Blind Eagle | (Citation: QiAnXin APT-C-36 Feb2019) |
Techniques Used

Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1059.005 | Command and Scripting Interpreter: Visual Basic | APT-C-36 has embedded a VBScript within a malicious Word document which is executed upon the document opening. (Citation: QiAnXin APT-C-36 Feb2019) |
Enterprise | T1036.004 | Masquerading: Masquerade Task or Service | APT-C-36 has disguised its scheduled tasks as those used by Google. (Citation: QiAnXin APT-C-36 Feb2019) |
Enterprise | T1588.002 | Obtain Capabilities: Tool | APT-C-36 obtained and used a modified variant of Imminent Monitor. (Citation: QiAnXin APT-C-36 Feb2019) |
Enterprise | T1566.001 | Phishing: Spearphishing Attachment | APT-C-36 has used spearphishing emails with a password-protected RAR attachment to avoid being detected by the email gateway. (Citation: QiAnXin APT-C-36 Feb2019) |
Enterprise | T1053.005 | Scheduled Task/Job: Scheduled Task | APT-C-36 has used a macro function to set scheduled tasks, disguised as those used by Google. (Citation: QiAnXin APT-C-36 Feb2019) |
Enterprise | T1204.002 | User Execution: Malicious File | APT-C-36 has prompted victims to accept macros in order to execute the subsequent payload. (Citation: QiAnXin APT-C-36 Feb2019) |

Software

ID | Name | References | Techniques |
---|---|---|---|
S0434 | Imminent Monitor | (Citation: Imminent Unit42 Dec2019) (Citation: QiAnXin APT-C-36 Feb2019) | Keylogging, Audio Capture, Native API, Deobfuscate/Decode Files or Information, Credentials from Web Browsers, Video Capture, Command and Scripting Interpreter, File and Directory Discovery, Process Discovery, Exfiltration Over C2 Channel, Compute Hijacking, Disable or Modify Tools, Obfuscated Files or Information, File Deletion, Remote Desktop Protocol, Hidden Files and Directories |