
Analysis report on recent phishing attacks by APT-C-48 (CNC)

Dec. 3, 2024, 4:51 p.m.

Description

APT-C-48 (CNC), a South Asian government-backed APT group, has been targeting the government, military, education, research, healthcare, and media sectors. It delivers its payloads through spear-phishing emails built around resume-related topics. The executables are given icons that resemble PDF files, and the filenames are padded with spaces so that the real executable extension is pushed out of view. Upon execution, the malware downloads a decoy document and additional attack components. The sample employs anti-debugging and anti-VM techniques and a self-deletion mechanism, and it establishes persistence through scheduled tasks. The attack pattern and tactics are consistent with previous APT-C-48 activity, in particular the group's focus on the education and research sectors.
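The masquerade described above (a PDF-style icon on an executable, whitespace padding before the real extension) can be checked mechanically at the mail gateway or in a sandbox queue. The Python below is an added example written for this page, not code from the report or from the group's samples: the filenames and byte strings are constructed, the extension lists are assumptions to tune per environment, and the icon swap itself is not examined (that would need PE resource parsing), so the content check relies on the file's magic bytes instead.

```python
import re

# Extensions Windows executes on double-click (assumed list; extend to taste).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".msi"}
# Extensions a resume-themed lure typically pretends to carry (assumed list).
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".rtf", ".txt"}

# Leading bytes that identify the real container, whatever the name or icon says.
MAGIC = [
    (b"MZ", "pe"),                    # Windows PE (EXE/DLL/SCR)
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip_or_ooxml"),  # .docx/.xlsx are ZIP containers
    (b"\xd0\xcf\x11\xe0", "ole"),     # legacy .doc/.xls
]

# stem, whitespace run, final extension (the one Windows honours)
_LAST_EXT = re.compile(r"^(.*?)(\s*)(\.[A-Za-z0-9]{1,5})$", re.DOTALL)
_INNER_EXT = re.compile(r"(\.[A-Za-z0-9]{1,5})\s*$")


def split_name(filename: str):
    """Return (stem, padding, ext). padding is the whitespace that pushes the
    real extension out of view in Explorer and most mail clients."""
    m = _LAST_EXT.match(filename.rstrip())
    if not m:
        return filename, "", ""
    stem, padding, ext = m.groups()
    return stem, padding, ext.lower()


def content_type(data: bytes) -> str:
    """Classify by magic bytes; 'unknown' when nothing matches."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> dict:
    """Collect the masquerade indicators the report describes: an executable
    extension hidden behind padding, a document extension placed before it,
    and content that contradicts the extension."""
    findings = []
    stem, padding, ext = split_name(filename)
    kind = content_type(data)

    if ext in EXECUTABLE_EXTS:
        findings.append(f"real extension is executable ({ext})")
        if len(padding) >= 3:
            findings.append(f"{len(padding)} whitespace characters pad the extension out of view")
        inner = _INNER_EXT.search(stem)
        if inner and inner.group(1).lower() in DOCUMENT_EXTS:
            findings.append(f"document extension {inner.group(1).lower()} placed before {ext}")

    if kind == "pe" and ext in DOCUMENT_EXTS:
        findings.append(f"PE header (MZ) behind a {ext} name")

    return {"name": filename, "content": kind, "findings": findings,
            "suspicious": bool(findings)}


# Constructed samples, not real attachments from the campaign.
SAMPLES = [
    ("Resume_Rahul_Sharma.pdf" + " " * 40 + ".exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("CV_2024.pdf", b"%PDF-1.7\n"),
    ("Job_Application.pdf", b"MZ\x90\x00"),
]

if __name__ == "__main__":
    for name, data in SAMPLES:
        r = triage_attachment(name, data)
        print(repr(name), r["content"], "SUSPICIOUS" if r["suspicious"] else "ok")
        for f in r["findings"]:
            print("   -", f)
```

The padded-name finding on its own is a strong signal, since legitimate documents almost never carry a run of spaces before their extension; the magic-byte check catches the complementary case where the sender simply renames a PE to .pdf.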

Date

Published: Dec. 3, 2024, 4:30 p.m.

Created: Dec. 3, 2024, 4:30 p.m.

Modified: Dec. 3, 2024, 4:51 p.m.

Indicators

https://panbaiclu.com/Metadata/indexes

https://panbaiclu.com/Guide/Architecture.pdf

https://panbaiclu.com/Guide/structure

https://panbaiclu.com/APIs/BaiduSearchAPI

panbaiclu.com

Attack Patterns

APT-C-48 (CNC)

T1036.002 Masquerading: Right-to-Left Override

T1497.003 Virtualization/Sandbox Evasion: Time Based Evasion

T1053.005 Scheduled Task/Job: Scheduled Task

T1027.002 Obfuscated Files or Information: Software Packing

T1497.001 Virtualization/Sandbox Evasion: System Checks

T1059.003 Command and Scripting Interpreter: Windows Command Shell

T1012 Query Registry

T1070.004 Indicator Removal: File Deletion

T1204.002 User Execution: Malicious File

T1082 System Information Discovery

T1057 Process Discovery

T1105 Ingress Tool Transfer

T1566.001 Phishing: Spearphishing Attachment

T1083 File and Directory Discovery

T1078 Valid Accounts
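Two of the listed techniques, scheduled-task persistence (T1053.005) and self-deletion (T1070.004), leave clear traces in process-creation telemetry. The Python below is an added example, not from the report, that hunts for both over a batch of events. The three events are constructed to mirror the described behaviour (the task name, paths and delay stub are invented), and the list of user-writable locations is an assumption to tune per estate.

```python
import re

# Constructed process-creation events (Sysmon EID 1 / Security 4688 style);
# paths, task name and delay stub are invented to mirror the described behaviour.
EVENTS = [
    {"parent": r"C:\Users\analyst\Downloads\Resume.pdf                    .exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /sc minute /mo 5 /tn "OneDriveUpdate" '
                r'/tr "C:\Users\analyst\AppData\Roaming\svchost.exe" /f'},
    {"parent": r"C:\Users\analyst\Downloads\Resume.pdf                    .exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c ping 127.0.0.1 -n 3 > nul & del /f /q '
                r'"C:\Users\analyst\Downloads\Resume.pdf                    .exe"'},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmdline": r'schtasks /create /sc daily /tn "Backup" /tr "C:\Program Files\Backup\backup.exe"'},
]

# Locations a phished user can write to without elevation (assumed list, tune per estate).
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop|Documents)\\"
    r"|%(APPDATA|LOCALAPPDATA|TEMP|TMP|USERPROFILE|PUBLIC)%"
    r"|\\ProgramData\\|\\Windows\\Temp\\", re.I)
SCHTASKS_CREATE = re.compile(r"\bschtasks(\.exe)?\b.*?\s/create\b", re.I)
TASK_ACTION = re.compile(r"/tr\s+(\"[^\"]*\"|\S+)", re.I)
TASK_SCHEDULE = re.compile(r"/sc\s+(\w+)", re.I)
# cmd /c <delay> & del <file>: the usual stub a binary spawns to erase itself after exit
SELF_DELETE = re.compile(r"\bcmd(\.exe)?\b.*?/c\b.*?\b(ping|timeout|choice)\b.*?&+\s*(del|erase)\b", re.I)
DEL_TARGET = re.compile(r"\b(?:del|erase)\b(?:\s+/\w+)*\s+(\"[^\"]*\"|\S+)", re.I)


def persistence_findings(ev: dict) -> list:
    """T1053.005: schtasks /create whose action or creator lives in user-writable space."""
    out = []
    cmd = ev["cmdline"]
    if not SCHTASKS_CREATE.search(cmd):
        return out
    m = TASK_ACTION.search(cmd)
    action = m.group(1).strip('"') if m else ""
    if USER_WRITABLE.search(action):
        out.append(f"T1053.005: task action runs from user-writable path {action}")
    m = TASK_SCHEDULE.search(cmd)
    if m and m.group(1).lower() in {"minute", "onlogon", "onstart"}:
        out.append(f"T1053.005: aggressive trigger /sc {m.group(1).lower()}")
    if USER_WRITABLE.search(ev["parent"]):
        out.append(f"T1053.005: task created by a process in user-writable path {ev['parent']}")
    return out


def self_delete_findings(ev: dict) -> list:
    """T1070.004: delayed cmd.exe delete stub, strongest when the target is the parent binary."""
    out = []
    cmd = ev["cmdline"]
    if not SELF_DELETE.search(cmd):
        return out
    m = DEL_TARGET.search(cmd)
    target = m.group(1).strip('"') if m else "?"
    if target.lower() == ev["parent"].lower():
        out.append("T1070.004: delayed cmd.exe delete stub, deletes its own parent")
    else:
        out.append(f"T1070.004: delayed cmd.exe delete stub, deletes {target}")
    return out


def hunt(events) -> list:
    """Return (event index, finding) pairs across a batch of events."""
    hits = []
    for i, ev in enumerate(events):
        for f in persistence_findings(ev) + self_delete_findings(ev):
            hits.append((i, f))
    return hits


if __name__ == "__main__":
    for i, f in hunt(EVENTS):
        print(f"event {i}: {f}")
```

The parent-process field matters more than the command line itself: a task created by a binary sitting in Downloads, or a delete stub whose target is exactly the parent image, is what separates this behaviour from routine administration.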

Additional Information

Healthcare

Media

Defense

Education

Government