← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Operation RestyLink: APT campaign targeting Japanese companies
WHITE APT29 AlienVault 2022-05-17 Modified: 2022-06-16
6
IOCs
LOW VOLUME
NTT SOC observed APT campaign targeting Japanese companies starting from mid of April 2022. They think that this campaign had already started in March 2022 and related attack might have performed around October 2021. It implies that this campaign is not temporary nor intensive, and it could continue from here forward.
APTJapanspear phishingemailLNKmalicious document
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
Indicators of Compromise (6)
All domain
TYPEINDICATORDESCRIPTIONCREATED
domain differentfor.com 2022-05-17
domain disknxt.com 2022-05-17
domain officehoster.com 2022-05-17
domain spffusa.org 2022-05-17
domain sseekk.xyz 2022-05-17
domain youmiuri.com 2022-05-17
References (1)
↗ https://insight-jp.nttsecurity.com/post/102hojk/operation-restylink-apt-campaign-targeting-japanese-companies