Analysis of Suspected APT Attack Activities by “Silver Fox”

July 10, 2024, 10:31 a.m.

Description

This document examines the recent activities of the Silver Fox cybercrime group, which has traditionally targeted financial and tax entities but has now shifted its focus towards impersonating national institutions and security companies. The analysis involves a phishing website, Winos remote control samples, a downloader trojan, and a PowerShell obfuscation tool. The group's tactics suggest a potential overlap between cybercrime and APT (Advanced Persistent Threat) operations, necessitating further monitoring.

Date

Published: July 10, 2024, 10:19 a.m.

Created: July 10, 2024, 10:19 a.m.

Modified: July 10, 2024, 10:31 a.m.

Indicators

https://paper.seebug.org/3192/

http://6014.anonymousrat7.com:80

http://6014.anonymousrat6.com:8888

http://6014.anonymousrat5.com:5555

Attack Patterns

UpdateDll

Winos

Silver Fox

T1107

T1064

T1574.002

T1574

T1105

T1055

T1140

T1027

T1059