The APT-C-60 group targeted organizations in Japan and East Asia with a sophisticated, multi-stage attack campaign. The chain begins with a phishing email carrying a Google Drive link to a VHDX virtual disk image. Once mounted, the image exposes an LNK shortcut that launches a downloader, which in turn retrieves a backdoor named SpyGrace. The attackers abuse legitimate services, Bitbucket and StatCounter, for command and control, so the traffic blends in with ordinary web activity. The malware persists through COM hijacking and uses several techniques to evade detection. The campaign likely extended to several East Asian countries, with similar tradecraft across the different attacks. Author: AlienVault
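COM hijacking, the persistence technique named above, works because a non-elevated process resolves a CLSID through the merged HKCR view, which consults HKCU\Software\Classes before HKLM\Software\Classes; a per-user InprocServer32 key therefore shadows the system registration without touching any protected location. The script below is an added example, not code from the pulse or from the reporting it summarizes: it hunts for that pattern in `reg export` output. The registry data embedded in it is constructed, the CLSIDs are placeholders rather than identifiers from the APT-C-60 campaign, and the trusted-directory allowlist is an assumption to tune per environment.

```python
"""Hunt for per-user COM hijacking in .reg exports of CLSID keys.

Added example; the sample export below is constructed and its CLSIDs are
placeholders, not keys from the APT-C-60 campaign. Real input comes from:
  reg export HKCU\Software\Classes\CLSID hkcu.reg
  reg export HKLM\Software\Classes\CLSID hklm.reg
"""
import re
import sys
from dataclasses import dataclass, field

# Directories a legitimately registered COM server is normally loaded from
# (assumed allowlist; extend for per-user installers used in your estate).
TRUSTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\",
                    "c:\\program files\\", "c:\\program files (x86)\\")
# Path fragments that mean a standard user could have written the file.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
SERVER_SUBKEYS = ("inprocserver32", "localserver32", "inprochandler32")

KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Classes\\CLSID\\(\{[0-9A-Fa-f-]+\})\\([A-Za-z0-9]+)\]$",
    re.IGNORECASE)
DEFAULT_RE = re.compile(r'^@="(.*)"$')


def _unescape(value):
    """Undo .reg string escaping: a backslash escapes the following character."""
    return re.sub(r"\\(.)", r"\1", value)


def _server_path(value, subkey):
    """LocalServer32 holds a command line (possibly quoted, with arguments);
    InprocServer32 / InprocHandler32 hold a bare DLL path."""
    if subkey == "localserver32":
        m = re.match(r'^"([^"]+)"|^(\S+)', value)
        return (m.group(1) or m.group(2)) if m else value
    return value


def parse_reg_export(text):
    """Map (hive, CLSID, server subkey) -> default value for every COM server
    registration found in one or more concatenated .reg exports."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            hive, clsid, sub = m.group(1).upper(), m.group(2).upper(), m.group(3).lower()
            current = (hive, clsid, sub) if sub in SERVER_SUBKEYS else None
            continue
        if current is None:
            continue
        m = DEFAULT_RE.match(line)
        if m:
            entries[current] = _unescape(m.group(1))
    return entries


@dataclass
class Finding:
    clsid: str
    subkey: str
    path: str
    reasons: list = field(default_factory=list)


def assess(entries):
    """Flag HKCU registrations that look like hijacks. The strongest signal is an
    HKCU key that shadows an HKLM key for the same CLSID with a different server."""
    hklm = {(c, s): p for (h, c, s), p in entries.items() if h == "HKEY_LOCAL_MACHINE"}
    findings = []
    for (hive, clsid, sub), value in entries.items():
        if hive != "HKEY_CURRENT_USER":
            continue
        path = _server_path(value, sub)
        low = path.lower()
        reasons = []
        if not low.startswith(TRUSTED_PREFIXES):
            reasons.append("server outside trusted directories")
        if any(marker in low for marker in USER_WRITABLE_MARKERS):
            reasons.append("server in a user-writable location")
        machine_path = hklm.get((clsid, sub))
        if machine_path is not None and machine_path.lower() != low:
            reasons.append(f"shadows HKLM registration {machine_path}")
        if reasons:
            findings.append(Finding(clsid, sub, path, reasons))
    return findings


# Constructed sample export: one benign per-user registration and one hijack
# that shadows a system DLL with a DLL dropped under %APPDATA%.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Windows\\System32\\example.dll"
"ThreadingModel"="Both"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\Users\\alice\\AppData\\Roaming\\Updater\\helper.dll"
"ThreadingModel"="Apartment"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{66666666-7777-8888-9999-000000000000}\InprocServer32]
@="C:\\Program Files\\Vendor\\vendor.dll"
"""


def hunt(text=SAMPLE_REG):
    return assess(parse_reg_export(text))


if __name__ == "__main__":
    # reg export writes UTF-16 with a BOM; the "utf-16" codec consumes it.
    text = open(sys.argv[1], encoding="utf-16").read() if len(sys.argv) > 1 else SAMPLE_REG
    for f in hunt(text):
        print(f"{f.clsid}\\{f.subkey} -> {f.path}: {'; '.join(f.reasons)}")
```

Two caveats when running this against real hosts. Per-user installers legitimately register servers under HKCU, so the "outside trusted directories" reason alone is noisy and the allowlist needs tuning; the shadowing reason is the one worth paging on, and the flagged DLL should then be checked for a valid signature and its creation time correlated with the VHDX mount. Elevated (high-integrity) processes do not read per-user COM registrations, so a hijack of this kind only runs inside medium-integrity processes of the victim user.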
Related Tags:
vhdx
east asia
statcounter
SpyGrace
T1021.006
T1070.004
bitbucket
downloader
lnk
Associated Indicators (SHA-1 hashes):
D94448AFD4841981B1B49ECF63DB3B63CB208853
B1E0ABFDAA655CF29B44D5848FAB253C43D5350A
8EBDDD79BB7EF1B9FCBC1651193B002BFEF598FD
783CD767B496577038EDBE926D008166EBE1BA8C
4589B97225BA3E4A4F382540318FA8CE724132D5
5ED4D42D0DCC929B7F1D29484B713B3B2DEE88E3
5D3160F01920A6B11E3A23BAEC1ED9C6D8D37A68
C198971F84A74E972142C6203761B81F8F854D2C
4508D0254431DF5A59692D7427537DF8A424DBBA