APT-C-60
Essential information
- Confidence: 100/100
- Published: 21/12/2025 08:35
- Modified: 21/12/2025 08:35
- Updated at: 21/12/2025 08:35
- Revoked: No
- Author / Source: AlienVault
- Resource level: —
- Primary motivation: —
- Related entities: 3 reports, 33 attack patterns (mitre), 4 malware, 2 countries, 39 indicators, 4 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3)
- 11 MITREs · 3 Malwares · 31 Observables · 1 APT · Published 05/11/2025 08:16 · Modified 05/11/2025 09:26
- 19 MITREs · 1 Malware · 1 APT · Published 27/11/2024 18:36 · Modified 29/11/2024 13:34
- 5 CVEs · 6 MITREs · 1 Malware · 5 Observables · 1 APT · Published 30/08/2024 17:48 · Modified 30/08/2024 18:08
Attack patterns (MITRE) (33)
- T1071: Application Layer Protocol (uses)
- T1113: Screen Capture (uses)
- T1587.004: Exploits (uses)
- T1036: Masquerading (uses)
- T1583.001: Domains (uses)
- T1566: Phishing (uses)
- T1553.005: Mark-of-the-Web Bypass (uses)
- T1105: Ingress Tool Transfer (uses)
- T1204.002: Malicious File (uses)
- T1547.001: Registry Run Keys / Startup Folder (uses)
- T1203: Exploitation for Client Execution (uses)
- T1566.001: Spearphishing Attachment (uses)
Malware (4)
- Downloader1 (uses) · Family · Published 05/11/2025 08:16 · Modified 05/11/2025 08:16
- SpyGrace (uses) · Family · Published 27/11/2024 18:36 · Modified 27/11/2024 18:36
- Downloader2 (uses) · Family · Published 05/11/2025 08:16 · Modified 05/11/2025 08:16
- SpyGlace (uses) · Family · Published 05/11/2025 08:16 · Modified 05/11/2025 08:16
Countries (2)
- China targets
- Japan targets
Indicators (39)
Vulnerabilities (CVE) (4)
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to …
- Attack vector: LOCAL
- Published: 15/08/2024
- Modified: 21/12/2025
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor …
- Attack vector: LOCAL
- Published: 30/09/2024
- Modified: 21/12/2025
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 on Windows allows an attacker to load …
- Attack vector: Local
- Published: 03/09/2024
- Modified: 21/12/2025
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.
- Attack vector: NETWORK
- Published: 23/03/2022
- Modified: 21/12/2025