Today > vulnerabilities   -   You can now download lists of IOCs here!

Analysis of Golang Payload and Information Theft Campaign

July 30, 2024, 4:32 p.m.

Tags
malware
apt
espionage
pakistan
exfiltration
golang
2024-07-30
quasar
client.exe
winver.exe
External References
Description

The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the techniques used by the malware, including command execution, screen capturing, and data exfiltration via encrypted channels. The report also provides insights into the group's evolving tactics and expanding arsenal of attack tools.

Date

Published: July 30, 2024, 4:14 p.m.

Created: July 30, 2024, 4:14 p.m.

Modified: July 30, 2024, 4:32 p.m.

Indicators

172.81.60.46

https://quranchapter.t-cdn.org/wp-includes/javascript/juicesdafekohioshfoshfhiofh/quran

https://espncrics.info/goaimdzfecbgrjjxdamdoo

https://daily-mashriq.org/goyxdrkhjilchyigflztv

http://172.81.60.46:1005

quranchapter.t-cdn.org

espncrics.info

daily-mashriq.org

Download all indicators here!

Attack Patterns

Client.exe

Winver.exe

APT-C-09 (Mozambique)

T1207

T1107

T1569.002

T1021.001

T1548.002

T1053.005

T1490

T1059.001

T1012

T1071.001

T1518.001

T1082

T1057

T1105

T1083

T1219

T1036

T1027

T1059

Additional Informations

Pakistan