{
  "name": "Analysis of Suspected APT Attack Activities by \u201cSilver Fox\u201d",
  "slug": "analysis-of-suspected-apt-attack-activities-by-silver-fox",
  "description": "This document examines the recent activities of the Silver Fox cybercrime group, which has traditionally targeted financial and tax entities but has now shifted its focus towards impersonating national institutions and security companies. The analysis covers a phishing website, Winos remote access trojan (RAT) samples, a downloader trojan, and a PowerShell obfuscation tool. The group's tactics suggest a potential overlap between cybercrime and APT (Advanced Persistent Threat) operations, necessitating further monitoring.",
  "published": "2024-07-10T08:19:01+00:00",
  "created_at": "2024-07-10T08:19:01+00:00",
  "modified_at": "2024-07-10T08:31:12+00:00",
  "created_at_opencti": "2024-07-10T08:19:01+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-07-10",
    "apt",
    "cybercrime",
    "malware",
    "obfuscation",
    "phishing",
    "updatedll",
    "winos"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "https://paper.seebug.org/3192/"
      },
      {
        "id": "",
        "name": "http://6014.anonymousrat7.com:80"
      },
      {
        "id": "",
        "name": "http://6014.anonymousrat6.com:8888"
      },
      {
        "id": "",
        "name": "http://6014.anonymousrat5.com:5555"
      },
      {
        "id": "",
        "name": "6014.anonymousrat7.com"
      },
      {
        "id": "",
        "name": "6014.anonymousrat6.com"
      },
      {
        "id": "",
        "name": "6014.anonymousrat5.com"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:be8c664938da586d",
        "name": "UpdateDll",
        "slug": "updatedll"
      },
      {
        "id": "3ecc1e6c-c382-46af-93df-1a0aa8d2bc5c",
        "name": "Winos",
        "slug": "winos"
      }
    ],
    "intrusion_sets": [
      {
        "id": "9737bc5a-30ea-42a9-8733-7a4540a14ef2",
        "name": "Silver Fox",
        "slug": "silver-fox"
      }
    ],
    "attack_patterns": [
      {
        "id": "384655c4-b8b6-4062-93f3-bfe57dd27370",
        "name": "T1107"
      },
      {
        "id": "4d36ebe8-4925-419a-bdd5-73f6427a975d",
        "name": "T1064"
      },
      {
        "id": "e8422fc8-8365-4a6a-a556-d6ec16cb4e5d",
        "name": "T1574.002"
      },
      {
        "id": "6e4e21cc-92cf-4564-920e-d509bd22fd40",
        "name": "T1574"
      },
      {
        "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571",
        "name": "T1105"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "0156fcda-e385-4662-b388-086c3e16feec",
        "name": "T1140"
      },
      {
        "id": "0c836307-129e-4ff7-a532-180c633cacba",
        "name": "T1027"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://medium.com/@knownsec404team/analysis-of-the-suspected-apt-attack-activities-by-silver-fox-25781647da2b",
    "https://otx.alienvault.com/pulse/668e60163787a8b24ba5517f"
  ]
}