APT-C-01, known as Poison Ivy, is a persistent threat group that has targeted the defense, government, technology, and education sectors since 2007. The group specializes in phishing, including watering-hole and spear-phishing attacks with personalized bait content. Recent observations show it building fake official websites for targeted phishing. When a victim visits one of these sites, a malicious payload is downloaded automatically and in turn loads the Sliver RAT for data theft and remote control. The attack chain involves a C# loader that decrypts and loads shellcode, ultimately deploying the Sliver RAT. The malware uses PDF icons to deceive victims and employs heavy obfuscation. The final payload, Sliver, is an open-source, cross-platform C2 framework that supports multiple communication protocols and offers extensive functionality.

Author: AlienVault
Related Tags:
Sliver RAT
T1071
T1057
APT
T1083
T1105
T1082
Government
T1204
Associated Indicators:
534522B87F1158F28587F82B4DF590546A004F17A648CFCFF2BDCC5FC2CC3355
96F2394976F53BD4DA186FFA54E770E219419C6F
2880A4F00CB0531C67526D53FA9EBD3ED69453D2
3BD15B16A9595D20C0E185AB1FAE738F
88E306F4D6A33703316E794A9210F528
7F0DBA2DB8C3FDD717D83BB693B3ADE9
61C42751F6BB4EFAFEC524BE23055FBA
3A74ED8D1163D1DBC516410D1B8081FA
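The indicators above are file hashes of three lengths, and a defender's first use of such a pulse is a file-hash sweep of endpoints or mail quarantine. The following is an added example, not code from the pulse or from AlienVault: it takes the listed digests verbatim, groups them by algorithm using only their hex length (64 characters for SHA-256, 40 for SHA-1, 32 for MD5), hashes each file once with all three algorithms, and reports any file whose digest appears in the set. The directory walk, the chunked hashing and the `sweep`/`match_bytes` function names are this example's own design choices.

```python
import hashlib
import io
from pathlib import Path

# Indicators exactly as listed in the pulse above (hex digests, compared case-insensitively).
PULSE_INDICATORS = {
    "534522B87F1158F28587F82B4DF590546A004F17A648CFCFF2BDCC5FC2CC3355",
    "96F2394976F53BD4DA186FFA54E770E219419C6F",
    "2880A4F00CB0531C67526D53FA9EBD3ED69453D2",
    "3BD15B16A9595D20C0E185AB1FAE738F",
    "88E306F4D6A33703316E794A9210F528",
    "7F0DBA2DB8C3FDD717D83BB693B3ADE9",
    "61C42751F6BB4EFAFEC524BE23055FBA",
    "3A74ED8D1163D1DBC516410D1B8081FA",
}

# A hex digest's length identifies its algorithm: 64 chars SHA-256, 40 SHA-1, 32 MD5.
ALGO_BY_HEX_LEN = {64: "sha256", 40: "sha1", 32: "md5"}
HEX_CHARS = set("0123456789abcdef")


def classify(indicators):
    """Group indicator digests by algorithm, lowercased so comparisons ignore case."""
    by_algo = {algo: set() for algo in ALGO_BY_HEX_LEN.values()}
    for ioc in indicators:
        digest = ioc.strip().lower()
        algo = ALGO_BY_HEX_LEN.get(len(digest))
        if algo is None or not set(digest) <= HEX_CHARS:
            raise ValueError(f"not a SHA-256/SHA-1/MD5 hex digest: {ioc!r}")
        by_algo[algo].add(digest)
    return by_algo


def stream_digests(fileobj, chunk_size=1 << 20):
    """Read a stream once, feeding every chunk to all three hashers."""
    hashers = {algo: hashlib.new(algo) for algo in ALGO_BY_HEX_LEN.values()}
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def hex_digest(data, algo):
    """Digest of an in-memory artefact; used here to build constructed test indicators."""
    return hashlib.new(algo, data).hexdigest()


def match_digests(digests, by_algo):
    """Return the algorithms under which the artefact's digest is a listed indicator."""
    return sorted(algo for algo, d in digests.items() if d in by_algo[algo])


def match_bytes(data, by_algo):
    """Match an in-memory artefact (e.g. a quarantined attachment) against the indicators."""
    return match_digests(stream_digests(io.BytesIO(data)), by_algo)


def sweep(root, by_algo):
    """Walk a directory tree and return (path, matched algorithms) for every hit."""
    hits = []
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        try:
            with path.open("rb") as f:
                matched = match_digests(stream_digests(f), by_algo)
        except OSError:
            continue  # unreadable file: skip it rather than abort the whole sweep
        if matched:
            hits.append((str(path), matched))
    return hits


if __name__ == "__main__":
    import sys

    indicator_sets = classify(PULSE_INDICATORS)
    for path, algos in sweep(sys.argv[1] if len(sys.argv) > 1 else ".", indicator_sets):
        print(f"{path}: matches pulse indicator ({', '.join(algos)})")
```

Run it as `python sweep.py /path/to/downloads` to list any file whose hash appears in the pulse. Hashing every file with all three algorithms in a single pass keeps the sweep I/O-bound, and a match under any one algorithm is enough to report the file, since the pulse lists the loader and payload samples under different hash types.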