APT-C-60
Essential information
- Confidence
- 100/100
- Published
- 21/12/2025 08:35
- Modified
- 21/12/2025 08:35
- Updated at
- 21/12/2025 08:35
- Revoked
- No
- Author / Source
- AlienVault
- Resource level
- —
- Primary motivation
- —
- Related entities
- 3 reports, 33 attack patterns (mitre), 4 malware, 2 countries, 39 indicators, 4 vulnerabilities (cve)
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.
Reports (3)
-
11 MITREs 3 Malwares 31 Observables 1 APT
-
19 MITREs 1 Malware 1 APT
-
5 CVEs 6 MITREs 1 Malware 5 Observables 1 APT
Attack patterns (MITRE) (33)
-
T1083 usesFile and Directory Discovery MITRE
-
T1204.001 usesMalicious Link MITRE
-
T1057 usesProcess Discovery MITRE
-
T1132.001 usesStandard Encoding MITRE
-
T1204 usesUser Execution MITRE
-
T1106 usesNative API MITRE
-
T1562.001 usesDisable or Modify Tools MITRE
-
T1218.011 usesRundll32 MITRE
-
T1021.006 usesWindows Remote Management MITRE
-
T1583.004 usesServer MITRE
-
T1059.005 usesVisual Basic MITRE
-
T1573 usesEncrypted Channel MITRE
Malware (4)
-
Downloader1 usesFamily
-
SpyGrace usesFamily
-
Downloader2 usesFamily
-
SpyGlace usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Countries (2)
-
China targets
-
Japan targets
Indicators (39)
-
http://103.187.26.176/a78550e6101938c7f5e8bfb170db4db2/result.aspindicates -
stix 100/100· Valid until 01/11/2026 · Source: AlienVault
-
http://103.187.26.176/a78550e6101938c7f5e8bfb170db4db2/command.aspindicates -
stix 100/100· Valid until 01/11/2026 · Source: AlienVault
-
stix 100/100· Valid until 01/11/2026 · Source: AlienVault
-
stix 100/100· Valid until 01/11/2026 · Source: AlienVault
-
stix 100/100· Valid until 01/11/2026 · Source: AlienVault
-
stix 100/100· Valid until 01/11/2026 · Source: AlienVault
-
stix 100/100· Valid until 01/11/2026 · Source: AlienVault
-
stix 100/100· Valid until 01/11/2026 · Source: AlienVault
-
http://103.187.26.176/a78550e6101938c7f5e8bfb170db4db2/listen.aspindicates -
stix 100/100· Valid until 01/11/2026 · Source: AlienVault
Vulnerabilities (CVE) (4)
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to …
- Attack vector
- LOCAL
- Published
- 15/08/2024
- Modified
- 21/12/2025
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor …
- Attack vector
- LOCAL
- Published
- 30/09/2024
- Modified
- 21/12/2025
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 on Windows allows an attacker to load …
- Attack vector
- Local
- Published
- 03/09/2024
- Modified
- 21/12/2025
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.
- Attack vector
- NETWORK
- Published
- 23/03/2022
- Modified
- 21/12/2025