Update on Attacks by Threat Group APT-C-60

APT-C-60 continues to target Japan and East Asia with spear-phishing attacks impersonating job seekers. The attack flow has evolved, now directly attaching malicious VHDX files to emails. The malware, including Downloader1, Downloader2, and SpyGlace, has been updated with new features and communication methods. SpyGlace versions 3.1.12, 3.1.13, and 3.1.14 were observed, with changes in Mutex values and execution paths. The attackers use GitHub for payload distribution and employ sophisticated encoding and encryption techniques. The campaign abuses legitimate services and maintains consistent behavioral patterns despite infrastructure changes.

Author: AlienVault

Related Tags: Downloader2, Downloader1, recruitment, com hijacking, vhdx, east asia, SpyGlace, T1102.002, T1218.011

Associated Indicators: