Update on Attacks by Threat Group APT-C-60

Nov. 5, 2025, 9:26 a.m.

Description

APT-C-60 continues to target Japan and East Asia with spear-phishing attacks impersonating job seekers. The attack flow has evolved, now directly attaching malicious VHDX files to emails. The malware, including Downloader1, Downloader2, and SpyGlace, has been updated with new features and communication methods. SpyGlace versions 3.1.12, 3.1.13, and 3.1.14 were observed, with changes in Mutex values and execution paths. The attackers use GitHub for payload distribution and employ sophisticated encoding and encryption techniques. The campaign abuses legitimate services and maintains consistent behavioral patterns despite infrastructure changes.

External References

https://blogs.jpcert.or.jp/en/2025/11/APT-C-60_update.html
https://otx.alienvault.com/pulse/690b07d26b6f30fe642910b2
Tags
rc4
github
spyglace
com hijacking
spear-phishing
recruitment
east asia
vhdx
2025-11-05
downloader1
downloader2

Date

  • Created: Nov. 5, 2025, 8:16 a.m.
  • Published: Nov. 5, 2025, 8:16 a.m.
  • Modified: Nov. 5, 2025, 9:26 a.m.

Indicators

  • f96557e8d714aa9bac8c3f112294bac28ebc81ea52775c4b8604352bbb8986b8
  • f495171e7a10fb0b45d28a5260782a8c1f7080bd1173af405476e8d3b11b21b6
  • f42d0fa77e5101f0f793e055cb963b45b36536b1835b9ea8864b4283b21bb68f
  • f102d490ad02b1588b9b76664cd715c315eaab33ac22b5d0812c092676242b15
  • ea37dfa94a63689c1195566aab3d626794adaab4d040d473d4dfbd36f1e5f237
  • e8b3b14a998ce3640a985b4559c90c31a5d7465bc5be5c6962e487172d3c9094
  • d535837fe4e5302f73b781173346fc9031d60019ea65a0e1e92e20e399a2f387
  • d287dc5264fd504b016ec7e424650e2b353946cbf14d3b285ca37d78a6fda6f4
  • c9c6960a5e6f44afda4cc01ff192d84d59c4b31f304d2aeba0ef01ae04ca7df3
  • a80848cf7d42e444b7ec1161c479b1d51167893f47d202b05f590ad24bf47942
  • 9e30df1844300032931e569b256f1a8a906a46c6a7efa960d95142d6bea05941
  • 96312254d33241ce276afc7d7e0c7da648ffe33f3b91b6e4a1810f0086df3dba
  • 94f6406a0f40fb8d84ceafaf831f20482700ee1a92f6bca1f769dff98896245c
  • 94ccdaf238a42fcc3af9ed1cae1358c05c04a8fa77011331d75825c8ac16ffd8
  • 8ea32792c1624a928e60334b715d11262ed2975fe921c5de7f4fac89f8bb2de5
  • 8b51939700c65f3cb7ccdc5ef63dba6ca5953ab5d3c255ce3ceb657e7f5bfae8
  • 7ae86f2cb0bbe344b3102d22ecfcdda889608e103e69ec92932b437674ad5d2f
  • 6d8a935f11665850c45f53dc1a3fc0b4ac9629211bd4281a4ec4343f8fa02004
  • 5da82fa87b0073de56f2b20169fa4d6ea610ed9c079def6990f4878d020c9d95
  • 669c268e4e1ced22113e5561a7d414a76fcd247189ed87a8f89fbbd61520966a
  • 57a77d8d21ef6a3458763293dbe3130dae2615a5de75cbbdf17bc61785ee79da
  • 50b40556aa7461566661d6a8b9486e5829680951b5df5b7584e0ab58f8a7e92f
  • 45c1c79064cef01b85f0a62dac368e870e8ac3023bfbb772ec6d226993dc0f87
  • 299d792c8d0d38d13af68a2467186b2f47a1834c6f2041666adafc626149edaf
  • 25f81709d914a0981716e1afba6b8b5b3163602037d466a02bc1ec97cdc2063b
  • 1e931c8aa00b7f2b3adedc5260a3b69d1ac914fe1c022db072ed45d7b2dddf6c
  • 156df8c8bea005bd7dc49eb7aca230ef85ada1c092e45bb3d69913d78c4fa1f9
  • 10278a46b13797269fd79a5f8f0bc14ff1cc5bc0ea87cdd1bbc8670c464a3cf1
  • 09fcc1dfe973a4dc91582d7a23265c0fd8fc2a011adb2528887c1e1d3a89075a
  • 048b69386410b8b7ddb7835721de0cba5945ee026a9134d425e0ba0662d9aee4
  • 185.181.230.71
Download all indicators here!

Attack Patterns

  • Downloader2
  • Downloader1
  • SpyGlace
  • APT-C-60

Additional Informations

  • Japan