Analysis report on recent phishing attacks by APT-C-48 (CNC)

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

APT-C-48 (CNC), a South Asian government-backed APT group, has been targeting government, military, education, research, healthcare, and media sectors. They use spear-phishing emails with resume-related topics to deliver malicious payloads. The group modifies executable file icons to resemble PDF files and adds spaces to filenames to hide extensions. Upon execution, the malware downloads a decoy document and additional attack components. The sample employs anti-debugging and anti-VM techniques, self-deletion mechanisms, and establishes persistence through scheduled tasks. The attack pattern and tactics are consistent with previous APT-C-48 activities, particularly their focus on the education and research sectors.
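A mail-gateway or triage check for the filename trick described in the summary (spaces inserted so the real extension is pushed out of view). This is an added example, not taken from the report: the extension lists, the `MIN_PAD` threshold and the sample attachment names are assumptions constructed for illustration.

```python
import unicodedata

# Assumed lists for illustration; align them with your own attachment policy.
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "lnk", "js", "vbs", "hta"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg", "png"}
MIN_PAD = 3  # assumed: shortest whitespace run treated as deliberate padding


def _is_space(ch):
    # Category Zs covers ASCII space, NBSP, ideographic space and similar.
    return ch == "\t" or unicodedata.category(ch) == "Zs"


def check_filename(name):
    """Return the reasons an attachment name looks like a disguised executable."""
    stem, dot, ext = name.rpartition(".")
    if not dot or ext.strip().lower() not in EXEC_EXTS:
        return []  # final extension is not executable: nothing to flag here
    reasons = []
    longest = run = 0
    for ch in stem:  # longest run of whitespace before the final extension
        run = run + 1 if _is_space(ch) else 0
        longest = max(longest, run)
    if longest >= MIN_PAD:
        reasons.append("space_padding")
    inner = stem.strip()  # str.strip() also removes Unicode whitespace
    if "." in inner and inner.rpartition(".")[2].lower() in DECOY_EXTS:
        reasons.append("decoy_extension")
    return reasons


def scan(names):
    """Map each flagged name to its reasons; clean names are omitted."""
    return {n: r for n in names if (r := check_filename(n))}


# Constructed sample attachment names, not indicators from the report.
SAMPLES = [
    "Resume.pdf",
    "setup.exe",
    "CV_2024.pdf" + " " * 40 + ".exe",
    "Resume of applicant" + "\u00a0" * 30 + ".scr",
    "report.pdf.exe",
]

if __name__ == "__main__":
    for name, why in scan(SAMPLES).items():
        print(repr(name), why)
```

The PDF-lookalike icon mentioned in the summary is not visible in the name, so this check only covers the filename side of the disguise.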

OPENCTI LABELS :

spear-phishing,anti-vm,anti-debugging,apt-c-48
