APT10 Using Cobalt Strike and Continuing to Target UK
WHITE APT10 AlienVault 2018-05-21 Modified: 2019-01-17
APT10 (also known as Stone Panda, MenuPass and Red Apollo) is a threat actor known to have been active since at least 2009. Since then it has targeted healthcare, defence, aerospace, government, heavy industry/mining, Managed Service Providers (MSPs) and IT industries, among many other sectors, for the likely purpose of intellectual property theft. In 2017 its targeting of several global MSPs, giving it extensive access to the networks of organisations worldwide, was widely reported by the NCSC and industry partners.
Indicators of Compromise (8)