{ "name": "Update on Attacks by Threat Group APT-C-60", "slug": "update-on-attacks-by-threat-group-apt-c-60", "description": "APT-C-60 continues to target Japan and East Asia with spear-phishing attacks impersonating job seekers. The attack flow has evolved, now directly attaching malicious VHDX files to emails. The malware, including Downloader1, Downloader2, and SpyGlace, has been updated with new features and communication methods. SpyGlace versions 3.1.12, 3.1.13, and 3.1.14 were observed, with changes in Mutex values and execution paths. The attackers use GitHub for payload distribution and employ sophisticated encoding and encryption techniques. The campaign abuses legitimate services and maintains consistent behavioral patterns despite infrastructure changes.", "published": "2025-11-05T07:16:16+00:00", "created_at": "2025-11-05T07:16:16+00:00", "modified_at": "2025-11-05T08:26:14+00:00", "created_at_opencti": "2025-11-05T07:16:16+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2025-11-05", "com hijacking", "downloader1", "downloader2", "east asia", "github", "rc4", "recruitment", "spear-phishing", "spyglace", "vhdx" ], "related_entities": { "observables": [ { "id": "", "name": "185.181.230.71" }, { "id": "", "name": "f96557e8d714aa9bac8c3f112294bac28ebc81ea52775c4b8604352bbb8986b8" }, { "id": "", "name": "f495171e7a10fb0b45d28a5260782a8c1f7080bd1173af405476e8d3b11b21b6" }, { "id": "", "name": "f42d0fa77e5101f0f793e055cb963b45b36536b1835b9ea8864b4283b21bb68f" }, { "id": "", "name": "f102d490ad02b1588b9b76664cd715c315eaab33ac22b5d0812c092676242b15" }, { "id": "", "name": "ea37dfa94a63689c1195566aab3d626794adaab4d040d473d4dfbd36f1e5f237" }, { "id": "", "name": "e8b3b14a998ce3640a985b4559c90c31a5d7465bc5be5c6962e487172d3c9094" }, { "id": "", "name": "d535837fe4e5302f73b781173346fc9031d60019ea65a0e1e92e20e399a2f387" }, { "id": "", "name": "d287dc5264fd504b016ec7e424650e2b353946cbf14d3b285ca37d78a6fda6f4" }, { "id": "", "name": "c9c6960a5e6f44afda4cc01ff192d84d59c4b31f304d2aeba0ef01ae04ca7df3" }, { "id": "", "name": "a80848cf7d42e444b7ec1161c479b1d51167893f47d202b05f590ad24bf47942" }, { "id": "", "name": "9e30df1844300032931e569b256f1a8a906a46c6a7efa960d95142d6bea05941" }, { "id": "", "name": "96312254d33241ce276afc7d7e0c7da648ffe33f3b91b6e4a1810f0086df3dba" }, { "id": "", "name": "94f6406a0f40fb8d84ceafaf831f20482700ee1a92f6bca1f769dff98896245c" }, { "id": "", "name": "94ccdaf238a42fcc3af9ed1cae1358c05c04a8fa77011331d75825c8ac16ffd8" }, { "id": "", "name": "8ea32792c1624a928e60334b715d11262ed2975fe921c5de7f4fac89f8bb2de5" }, { "id": "", "name": "8b51939700c65f3cb7ccdc5ef63dba6ca5953ab5d3c255ce3ceb657e7f5bfae8" }, { "id": "", "name": "7ae86f2cb0bbe344b3102d22ecfcdda889608e103e69ec92932b437674ad5d2f" }, { "id": "", "name": "6d8a935f11665850c45f53dc1a3fc0b4ac9629211bd4281a4ec4343f8fa02004" }, { "id": "", "name": "5da82fa87b0073de56f2b20169fa4d6ea610ed9c079def6990f4878d020c9d95" }, { "id": "", "name": "669c268e4e1ced22113e5561a7d414a76fcd247189ed87a8f89fbbd61520966a" }, { "id": "", "name": "57a77d8d21ef6a3458763293dbe3130dae2615a5de75cbbdf17bc61785ee79da" }, { "id": "", "name": "50b40556aa7461566661d6a8b9486e5829680951b5df5b7584e0ab58f8a7e92f" }, { "id": "", "name": "45c1c79064cef01b85f0a62dac368e870e8ac3023bfbb772ec6d226993dc0f87" }, { "id": "", "name": "299d792c8d0d38d13af68a2467186b2f47a1834c6f2041666adafc626149edaf" }, { "id": "", "name": "25f81709d914a0981716e1afba6b8b5b3163602037d466a02bc1ec97cdc2063b" }, { "id": "", "name": "1e931c8aa00b7f2b3adedc5260a3b69d1ac914fe1c022db072ed45d7b2dddf6c" }, { "id": "", "name": "156df8c8bea005bd7dc49eb7aca230ef85ada1c092e45bb3d69913d78c4fa1f9" }, { "id": "", "name": "10278a46b13797269fd79a5f8f0bc14ff1cc5bc0ea87cdd1bbc8670c464a3cf1" }, { "id": "", "name": "09fcc1dfe973a4dc91582d7a23265c0fd8fc2a011adb2528887c1e1d3a89075a" }, { "id": "", "name": "048b69386410b8b7ddb7835721de0cba5945ee026a9134d425e0ba0662d9aee4" } ], "malware": [ { "id": "legacy:malware:ddd0b25e7685010e", "name": "Downloader2", "slug": "downloader2" }, { "id": "legacy:malware:9a9af87b7c6a6c7b", "name": "Downloader1", "slug": "downloader1" }, { "id": "7bbbb3d4-2a89-400f-9dd0-070d3feb8547", "name": "SpyGlace", "slug": "spyglace" } ], "intrusion_sets": [ { "id": "b2963eb7-04e8-4b4d-b6d0-ca0daa684e0c", "name": "APT-C-60", "slug": "apt-c-60" } ], "attack_patterns": [ { "id": "de38dd3a-41d7-4621-8a00-a32d7f0ff420", "name": "T1102.002" }, { "id": "81b422de-709e-43bd-b471-2befac0c623a", "name": "T1218.011" }, { "id": "9e784d22-5a6c-4da6-968a-5fab2f019efd", "name": "T1059.005" }, { "id": "f32c7a65-b5a5-46ec-a8c7-d06ca5d27380", "name": "T1553.005" }, { "id": "5999052b-e9ae-49e8-9235-d9bf975c22af", "name": "T1547.001" }, { "id": "eaff4611-3c78-4127-8745-726f77ed68ba", "name": "T1070.004" }, { "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6", "name": "T1204.002" }, { "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571", "name": "T1105" }, { "id": "dc410646-9cdd-427b-92e7-179a54f78f90", "name": "T1566.001" }, { "id": "7d7ac733-6442-416f-8669-c302dd0843b9", "name": "T1036" }, { "id": "0c836307-129e-4ff7-a532-180c633cacba", "name": "T1027" } ], "others": [ { "id": "", "name": "Japan" } ] }, "external_refs": [ "https://blogs.jpcert.or.jp/en/2025/11/APT-C-60_update.html", "https://otx.alienvault.com/pulse/690b07d26b6f30fe642910b2" ] }