APT 41 Scraper: Breaking Down the China Chopper Web Shell – Part I

Event ID: 1538
UUID: 4c885688-92fe-4498-be89-69aa6bdcc5eb
Creator org: CUDESO
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): event is in unprotected mode
Tags: misp:tool="misp-scraper", osint:source-type="blog-post", misp:event-type="collection", workflow:state="complete", tlp:white
Date: 2013-08-07
Threat Level: Medium
Analysis: Completed
Distribution: All communities
Published: Yes (2022-09-21 19:38:25)
#Attributes: 15 (4 Objects)
First recorded change: 2022-09-12 20:55:18
Last change: 2022-09-12 20:55:18
Sightings: 0 (0)

Dissecting PlugX to Extract Its Crown Jewels APT RAT Malware Backdoor Yara Rules IoCs LEVIATHAN

Leviathan is a Chinese state-sponsored cyber espionage group that has been attributed to the Ministry of State Security's (MSS) Hainan State Security Department and an affiliated front company.[1] Active since at least 2009, Leviathan has targeted the following sectors: academia, aerospace/aviation, biomedical, defense industrial base, government, healthcare, manufacturing, maritime, and transportation across the US, Canada, Europe, the Middle East, …

Hezb cryptomining malware with IoCs Hashes IPs Domain Names

Event ID: 1530
UUID: 7360197a-48e6-4792-b7c6-5d616d5c79c9
Creator org: CIRCL
Owner org: LUNCHBOX
Creator user: admin@admin.test
Protected Event (experimental): event is in unprotected mode
Tags: maec-malware-behavior:maec-malware-behavior="mine-for-cryptocurrency", tlp:white, misp-galaxy:threat-actor="Hezb", estimative-language:confidence-in-analytic-judgment="high", estimative-language:likelihood-probability="almost-certain", admiralty-scale:information-credibility="1"
Date: 2022-09-12
Threat Level: Medium
Analysis: Initial
Distribution: All communities
Published: Yes (2022-10-03 17:43:24)
#Attributes: 615 (65 Objects)
First recorded change: 2022-09-12 12:43:58
Last change: 2022-10-03 17:43:24
Sightings: 0 (0)