Articles Tagged with: Spear phishing
Home / Blog Archives
August 1, 2020

ELOQUENT PANDA

Eloquent Panda APT

CLICK TO VIEW YOUTUBE CHANNEL

Type: Nation state sponsored

Status: believed inactive

Preferred Attack Vector:  Spear Phishing

TTP:

August 1, 2020

SUCKFLY APT

Suckfly APT

Your consent is required to display this content from youtube - Privacy Settings
Click to Share This Post

Type: Cyber espionage/ Cyber criminal

Status: Active

Active Since/Discovered: 2014/2015

Last Report: June 2016

Targets: US, India, Saudi Arabia

Target Sectors: Healthcare, government, IT

Malware:

  • At least 45 hacking tools and custom malware
  • Backdoor.Nidiran
  • Backdoor.Nidiran!g1
  • Hacktool
    • Password theft, reconnaissance and lateral movement

Preferred Attack Vector:  Spear phishing, Watering hole attacks and exploits

TTP:

  • CVE-2014-6332
  • Custom malware signed with authentic code-signing certificates
  • Credential theft

Unique:

  • Known for stealing code-signing certificates
  • Uses many of the same malware delivery techniques as the PlugX and Korplug campaigns
  • May be associated with Blackfly
Click Here to share this post
July 31, 2020

APT12

APT12

Your consent is required to display this content from youtube - Privacy Settings
Click to Share This Post

Type: Nation-State-Sponsored

APT12 Status: Believed Inactive

APT12 Other Names: Numbered Panda/ IXESHE/ DYNCALC/ JOY RAT/ Etumbot/ Beebus/ Group 22/ TG-2754/ Calc Team/ DynCalc/ Crimson Iron/ DNSCalc

Active Since/Discovered: 10/2012 – 5/2014

Target Sectors: media outlets, high-tech companies, and government organizations

Malware:

  • Etumbot
  • Riptide
    • RIPTIDE is a proxy-aware backdoor that communicates via HTTP to a hard-coded command and control (C2) server
  • Hightide
  • ThreeByte, backdoor
  • Waterspout, backdoor
    • all variants of same backdoor, differ to avoid detection
    • enable persist presence and surveillance
  • Mswab
  • Gh0st
  • ShowNews
  • 3001

Preferred Attack Vector:  Spear phishing

TTP:

  • binary exes disguised as screensavers and PDFs
  • exploit CVE-2012-0158

Unique: Changes tools after public exposure

Click Here to share this post
© 2020 ArtOfTheHak.All Rights Reserved
Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Youtube
Consent to display content from Youtube
Vimeo
Consent to display content from Vimeo
Google Maps
Consent to display content from Google
Save