Analysis of Suspected APT Attack Activities by “Silver Fox”

July 10, 2024, 10:31 a.m.

Description

This document examines the recent activities of the Silver Fox cybercrime group, which has traditionally targeted financial and tax entities but has now shifted its focus towards impersonating national institutions and security companies. The analysis involves a phishing website, Winos remote control samples, a downloader trojan, and a PowerShell obfuscation tool. The group's tactics suggest a potential overlap between cybercrime and APT (Advanced Persistent Threat) operations, necessitating further monitoring.

External References

https://medium.com/@knownsec404team/analysis-of-the-suspected-apt-attack-activities-by-silver-fox-25781647da2b
https://otx.alienvault.com/pulse/668e60163787a8b24ba5517f
Tags
malware
obfuscation
apt
phishing
cybercrime
winos
2024-07-10
updatedll

Date

  • Created: July 10, 2024, 10:19 a.m.
  • Published: July 10, 2024, 10:19 a.m.
  • Modified: July 10, 2024, 10:31 a.m.

Indicators

  • https://paper.seebug.org/3192/
  • http://6014.anonymousrat7.com:80
  • http://6014.anonymousrat6.com:8888
  • http://6014.anonymousrat5.com:5555
  • 6014.anonymousrat7.com
  • 6014.anonymousrat6.com
  • 6014.anonymousrat5.com
Download all indicators here!

Attack Patterns

  • UpdateDll
  • Winos
  • Silver Fox
  • T1107
  • T1064
  • T1574.002
  • T1574
  • T1105
  • T1055
  • T1140
  • T1027
  • T1059