216.73.216.86

Beware of phishing attacks by APT-C-01 (Poison Ivy)

· Published 03/12/2024 16:34 · Modified 03/12/2024 16:51

Export JSON

Essential information

Published
03/12/2024 16:34
Modified
03/12/2024 16:51
Tags
2024-12-03 apt phishing poison ivy sliver rat
Related entities
7 observables, 1 intrusion sets (apt), 16 techniques (mitre), 1 malware, 4 others

Description

-C-01, known as , is a persistent threat group targeting defense, government, technology, and education sectors since 2007. They specialize in attacks, including watering hole and spear-, using personalized bait content. Recent observations show the group creating fake official websites for targeted . When victims visit these sites, malicious payloads are automatically downloaded, which further load for data theft and remote control. The attack process involves a C# loader that decrypts and loads shellcode, ultimately deploying the . The malware uses PDF icons to deceive victims and employs strong obfuscation techniques. The final payload, Sliver, is an open-source, cross-platform C2 framework with multiple communication protocols and extensive functionality.

External references