Pulse Detail — Threat Intelligence

PULSE NAME

Operation RestyLink: APT campaign targeting Japanese companies

WHITE APT29 caralin0702 2022-05-17 Modified: 2022-06-16

IOCs

MEDIUM VOLUME

An APT campaign targeting Japanese companies started in mid-April 2022 and may have performed a similar attack around October 2021, according to NTT Security Japan's research team and its security analyst Rintaro Koike.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1547 T1566 T1059 T1033

MALWARE FAMILIES

Cobalt Strike Golang

Indicators of Compromise (18)

All URL domain email hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://passle.net	—	2022-05-17
URL	https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/	—	2022-05-17
URL	https://stairwell.com/news/threat-research-the-ink-stained-trail-of-goldbackdoor/	—	2022-05-17
URL	https://www.macnica.co.jp/business/security/manufacturers/files/mpressioncss_ta_report_2019_2_nopw.pdf	—	2022-05-17
URL	https://www.macnica.co.jp/business/security/manufacturers/files/mpressioncss_ta_report_2020_5_en.pdf	—	2022-05-17
URL	https://www.passle.net/Content/Images/passle_logo-186px.png	—	2022-05-17
domain	differentfor.com	—	2022-05-17
domain	disknxt.com	—	2022-05-17
domain	officehoster.com	—	2022-05-17
domain	passle.net	—	2022-05-17
domain	spffusa.org	—	2022-05-17
domain	sseekk.xyz	—	2022-05-17
domain	stairwell.com	—	2022-05-17
domain	youmiuri.com	—	2022-05-17
email	sales@passle.net	—	2022-05-17
hostname	www.macnica.co.jp	—	2022-05-17
hostname	www.passle.net	—	2022-05-17
hostname	www.volexity.com	—	2022-05-17

References (1)

↗ https://insight-jp.nttsecurity.com/post/102hojk/operation-restylink-apt-campaign-targeting-japanese-companies