[FSec] APTFC

Newsfeed

Nachrichtenbote
"APT" is a term created by the U.S. Air Force to describe Chinese threat actors.

The most common case where term APT is used is a targeted attack. Most of which are done via spoofed email messages. Most of which contain booby-trapped document attachments. Most of which show some actual content to the victim in order to fool him to believe the document was actually useful.

Which is why it's interesting to look at the documents, as they quite often tell us more about the attackers and the victims.

Here are some recent examples of malicious document files used in APT attacks. All of these were received anonymously via sample feeds and scanner aggregationers, so we don't know who were the real targets.

486b01914ff0ce3b7274dcf5023972b1d8341ce1_1screenshot_2.png


0b13c003b80cff5090d98dad229ba1659be3b361_1screenshot_2.png


040073498337e7212068c2a8e95b2f43415d0e04_1screenshot_2.png


babce866503fbe880cdcf38f39b890ac612e6722_1screenshot_0.png


e812d3f464b7ded8b5580ea2e55497046882b684_2screenshot_2.png


ce2637890e1be18e4cbcf833626c0c0a29f79364_1screenshot_2.png


All of the above document files contain an exploit and drop a backdoor when viewed.

These files are blocked by F-Secure Antivirus.

Here are the SHA1 hashes of these samples:
babce866503fbe880cdcf38f39b890ac612e6722
0b13c003b80cff5090d98dad229ba1659be3b361
486b01914ff0ce3b7274dcf5023972b1d8341ce1
040073498337e7212068c2a8e95b2f43415d0e04
ce2637890e1be18e4cbcf833626c0c0a29f79364
e812d3f464b7ded8b5580ea2e55497046882b684
On 18/07/12 At 03:06 PM

Weiterlesen...
 
Zurück
Oben