PULSE NAME
Multi-level Dropbox commands and TutorialRAT behind APT43
WHITE APT43 AlienVault 2024-04-22 Modified: 2024-05-22
32 IOCs, MEDIUM VOLUME
Genians confirmed that the APT43 group focuses on evading signature-based anti-virus detection by using a multi-stage attack chain. In particular, the group tries to stay outside the scope of threat monitoring by using Dropbox cloud storage, a widely used legitimate service, as an attack base.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
XenoRAT, TutRAT
Indicators of Compromise (4 / 32 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA1 3048657b1651e2de6180ce404f1e6093d42fd41d SHA1 of 8133c5f663f89b01b30a052749b5a988 2024-04-22
FileHash-SHA1 41c1b3fa3b5a4b1ac4f41f0da29c741b4d5f9db0 SHA1 of 2f9125a538d84dd952f72722f28575b8 2024-04-22
FileHash-SHA1 5ea5bd8ad4e34fe7a937244d3655756c2008bee4 SHA1 of 0040f03faf5bbdc555f2039a4e33a82b 2024-04-22
FileHash-SHA1 c0ecac442d2a58be19a486393e84ce68ef0b7575 SHA1 of fb5aec165279015f17b29f9f2c730976 2024-04-22