Beware of phishing attacks by APT-C-01 (Poison Ivy)
Dec. 3, 2024, 4:51 p.m.
Description
APT-C-01, also known as Poison Ivy, is a persistent threat group that has targeted the defense, government, technology, and education sectors since 2007. The group specializes in phishing, including watering-hole and spear-phishing attacks built around personalized bait content. Recent observations show it setting up fake official websites for targeted phishing. When a victim visits one of these sites, a malicious payload is downloaded automatically; that payload in turn loads the Sliver RAT, which is used for data theft and remote control. The attack chain relies on a C# loader that decrypts and loads shellcode, ultimately deploying Sliver. The malware uses PDF icons to deceive victims and employs strong obfuscation. The final payload, Sliver, is an open-source, cross-platform C2 framework that supports multiple communication protocols and offers extensive functionality.
Date
Published: Dec. 3, 2024, 4:34 p.m.
Created: Dec. 3, 2024, 4:34 p.m.
Modified: Dec. 3, 2024, 4:51 p.m.
Indicators
a5cea89418d858bbde4a54f43587a28b55f839fc61fc0305a3fb30b277b2daa6
534522b87f1158f28587f82b4df590546a004f17a648cfcff2bdcc5fc2cc3355
158.247.208.174
128.199.134.3
165.22.97.48
caac-cn.org
caac-cn.com
Attack Patterns
Sliver RAT
APT-C-01 (Poison Ivy)
T1113
T1021
T1547
T1082
T1057
T1105
T1083
T1071
T1055
T1036
T1204
T1140
T1027
T1056
T1566
T1059
Additional Information
Technology
Defense
Education
Government