APT-K-47 group uses new malware tools to launch data theft attacks [Monday, February 05, 2024]

Description :
This report provides an analysis of a recent data theft campaign conducted by the APT-K-47 group, a threat actor based in South Asia. The group deployed new and previously undisclosed malware tools, including WalkerShell, DemoTrySpy, NixBackdoor and Nimbo-C2, to compromise targets and steal sensitive data. After gaining initial access, the attackers downloaded additional payloads like ORPCBackdoor to establish persistence. The campaign targeted organizations in countries like Russia, Pakistan, Bangladesh and the United States across multiple industries. The attackers were able to traverse file systems to exfiltrate documents of interest and steal browser passwords. The report examines the new malware tools in detail, including their capabilities and role in the attack chain.

Published : 2024-02-05 17:40:14
Created : 2024-02-05 17:40:14
Modified : 2024-02-06 09:09:45

Indicators

Domains :
Malwares :
  • Nimbo-C2
  • WalkerShell
  • DemoTrySpy
  • NixBackdoor
  • ORPCBackdoor
Hashes :
  • 85a6ac13510983b3a29ccb2527679d91c86c1f91fdfee68913bc5d3d01eeda2b
  • c4817f3c3777b063f0adbc1c8e4671da533f716bab7ad2c4b9bc87295df67334
  • 74ba5883d989566a94e7c6c217b17102f054ffbe98bc9c878a7f700f9809e910
  • b087a214fb40e9f8e7b21a8f36cabd53fee32f79a01d05d31476e249b6f472ca
Intrusion set :
  • APT-K-47
Location :
  • Bangladesh
  • Pakistan
  • Russian Federation
MITRE ATT&CK Techniques :
Other observables :
  • Technology
  • Defense
  • Government

About the author
Julien B.

Securitricks
