{
  "name": "China-Nexus Threat Group \u2018Velvet Ant\u2019 Abuses F5 Load Balancers for Persistence",
  "slug": "china-nexus-threat-group-velvet-ant-abuses-f5-load-balancers-for-persistence",
  "description": "",
  "published": "2024-06-18T19:10:06+00:00",
  "created_at": "2024-06-18T19:10:06+00:00",
  "modified_at": "2024-06-18T19:39:58+00:00",
  "created_at_opencti": "2024-06-18T19:10:06+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2024-06-18",
    "c server",
    "command",
    "earthworm",
    "f5 appliance",
    "f5 bigip",
    "guard",
    "impacket",
    "lsass",
    "plugx",
    "protect",
    "python",
    "shadowpad",
    "svchost",
    "sygnia",
    "trojan",
    "velvet ant",
    "virustotal",
    "wireshark",
    "wmiexec"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "202.61.136.158"
      },
      {
        "id": "",
        "name": "103.138.13.31"
      },
      {
        "id": "",
        "name": "http://202.61.136.158:8443"
      },
      {
        "id": "",
        "name": "3d9aaac0a8e5c7eadd79d8d5c16119d04f4e9db7107fc44a1e32a8746a1ec375"
      },
      {
        "id": "",
        "name": "91f6547bceddfb2f241570ac82c00de700e311e4a38dea60d8619638f1ed3520"
      }
    ],
    "intrusion_sets": [
      {
        "id": "26a82c44-0e9e-4dea-8278-fcf576b8a543",
        "name": "Velvet Ant",
        "slug": "velvet-ant"
      }
    ],
    "attack_patterns": [
      {
        "id": "a1de6d30-7fd6-4352-8f6c-d9904347f33f",
        "name": "T1039"
      },
      {
        "id": "0ca071fb-4f52-4672-b64a-75deff57d874",
        "name": "T1048"
      },
      {
        "id": "d5c953ff-b143-41b6-bf2d-87b829132ea5",
        "name": "T1135"
      },
      {
        "id": "c5f0558f-48a3-4714-a75c-5193d56360f9",
        "name": "T1037"
      },
      {
        "id": "f6ceeba2-b50c-47dc-8642-ab9842ca76d7",
        "name": "T1018"
      },
      {
        "id": "a2ba5594-6293-4868-928c-ab4b31927a02",
        "name": "T1572"
      },
      {
        "id": "6efb8bea-11d7-418d-a429-9f4a3e6c50f6",
        "name": "T1087"
      },
      {
        "id": "fc699aef-8931-4a79-8f79-9651be9abd50",
        "name": "T1021"
      },
      {
        "id": "dc17cbbd-40d8-43cf-b3cf-50d1276db2c7",
        "name": "T1016"
      },
      {
        "id": "53b3b18c-d0d0-4bf6-bc6b-2c0ab9180deb",
        "name": "T1070"
      },
      {
        "id": "6e4e21cc-92cf-4564-920e-d509bd22fd40",
        "name": "T1574"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      },
      {
        "id": "45082a8e-9c79-470e-ad1b-decac7188e8f",
        "name": "T1083"
      },
      {
        "id": "4cb4ee3b-b78f-45cf-bcaa-45a2aa968e56",
        "name": "T1570"
      },
      {
        "id": "67c697ce-a6cc-475f-9bee-e14c1bef7067",
        "name": "T1047"
      },
      {
        "id": "c3af9fd7-d307-4df4-9220-cc627938fb85",
        "name": "T1055"
      },
      {
        "id": "33962583-7396-47ef-913d-1db78d6685c9",
        "name": "T1569"
      },
      {
        "id": "fcd96dc0-500e-4354-bd97-5c65718a9004",
        "name": "T1562"
      },
      {
        "id": "b9eab970-53dd-4977-9a26-c4fe566e422d",
        "name": "T1133"
      },
      {
        "id": "ca53b2fa-42a8-45ec-9682-0cf54bf280f3",
        "name": "T1090"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      },
      {
        "id": "74d6e294-54d1-4a21-9dfc-df5870f8ec8e",
        "name": "T1003"
      },
      {
        "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221",
        "name": "T1059"
      }
    ]
  },
  "external_refs": [
    "https://www.sygnia.co/blog/china-nexus-threat-group-velvet-ant/",
    "https://otx.alienvault.com/pulse/6671f7ae535c8ea5406bdab2"
  ]
}