APT-C-60

Search IOCs, vulnerabilities, APT…

216.73.216.226

← Back to intrusion sets

· Published 21/12/2025 08:35 · Modified 21/12/2025 08:35 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 21/12/2025 08:35
Modified: 21/12/2025 08:35
Updated at: 21/12/2025 08:35
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 3 reports, 33 attack patterns (mitre), 4 malware, 2 countries, 39 indicators, 4 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (3)

Update on Attacks by Threat Group APT-C-60

11 MITREs 3 Malwares 31 Observables 1 APT
Attacks by APT-C-60 Group Exploiting Legitimate Services

19 MITREs 1 Malware 1 APT
Analysis of two arbitrary code execution vulnerabilities affecting …

5 CVEs 6 MITREs 1 Malware 5 Observables 1 APT

Attack patterns (MITRE) (33)

T1071 uses

Application Layer Protocol MITRE
T1113 uses

Screen Capture MITRE
Exploits uses

T1587.004 MITRE
T1036 uses

Masquerading MITRE
T1583.001 uses

Domains MITRE
T1566 uses

Phishing MITRE
T1553.005 uses

Mark-of-the-Web Bypass MITRE
T1105 uses

Ingress Tool Transfer MITRE
T1204.002 uses

Malicious File MITRE
T1547.001 uses

Registry Run Keys / Startup Folder MITRE
T1203 uses

Exploitation for Client Execution MITRE
T1566.001 uses

Spearphishing Attachment MITRE

← Previous

Page / 3

1–12 of 33

Downloader1 uses

Family
SpyGrace uses

Family
Downloader2 uses

Family
SpyGlace uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

Countries (2)

China targets
Japan targets

Indicators (39)

f102d490ad02b1588b9b76664cd715c315eaab33ac22b5d0812c092676242b15 indicates

stix 100/100

· Valid until 01/11/2026 · Source: AlienVault
https://threatbook.io/blog/Analysis-of-APT-C-60-Attack-on-South-Korea indicates
5da82fa87b0073de56f2b20169fa4d6ea610ed9c079def6990f4878d020c9d95 indicates

stix 100/100

· Valid until 01/11/2026 · Source: AlienVault
861911e953e6fd0a015b3a91a7528a388a535c83f4b9a5cf7366b8209d2f00c3 indicates

stix 100/100 Revoked

· Valid until 03/12/2025 · Source: AlienVault
f495171e7a10fb0b45d28a5260782a8c1f7080bd1173af405476e8d3b11b21b6 indicates

stix 100/100

· Valid until 01/11/2026 · Source: AlienVault
048b69386410b8b7ddb7835721de0cba5945ee026a9134d425e0ba0662d9aee4 indicates

stix 100/100

· Valid until 01/11/2026 · Source: AlienVault
6174276f94219bc386bdc628ca18eaec261998b7bd03077562fe93c268b42446 indicates

stix 100/100 Revoked

· Valid until 03/12/2025 · Source: AlienVault
10278a46b13797269fd79a5f8f0bc14ff1cc5bc0ea87cdd1bbc8670c464a3cf1 indicates

stix 100/100

· Valid until 01/11/2026 · Source: AlienVault
ea37dfa94a63689c1195566aab3d626794adaab4d040d473d4dfbd36f1e5f237 indicates

stix 100/100

· Valid until 01/11/2026 · Source: AlienVault
57a77d8d21ef6a3458763293dbe3130dae2615a5de75cbbdf17bc61785ee79da indicates

stix 100/100

· Valid until 01/11/2026 · Source: AlienVault
http://103.187.26.176/a78550e6101938c7f5e8bfb170db4db2/update.asp indicates
f96557e8d714aa9bac8c3f112294bac28ebc81ea52775c4b8604352bbb8986b8 indicates

stix 100/100

· Valid until 01/11/2026 · Source: AlienVault

← Previous

Page / 4

13–24 of 39

Vulnerabilities (CVE) (4)

CVE-2024-7263 targets

7.8 High

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.17115 (exclusive) on Windows allows an attacker to …

Attack vector: LOCAL
Published: 15/08/2024
Modified: 21/12/2025

Undergoing Analysis

CVE-2024-7672 targets

7.8 High

A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor …

Attack vector: LOCAL
Published: 30/09/2024
Modified: 21/12/2025

Analyzed

CVE-2024-7262 KEV targets

7.8 High

Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12.2.0.13110 to 12.2.0.13489 on Windows allows an attacker to load …

Attack vector: Local
Published: 03/09/2024
Modified: 21/12/2025

Undergoing Analysis

CVE-2022-24934 targets

9.8 Critical

wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.

Attack vector: NETWORK
Published: 23/03/2022
Modified: 21/12/2025

Contact About Legal notice Privacy policy Terms of use

APT-C-60

Essential information

Description

Marking (TLP)

Related entities

Reports (3)

Attack patterns (MITRE) (33)

Malware (4)

Countries (2)

Indicators (39)

Vulnerabilities (CVE) (4)