
Extensive Analysis of APT-C-53 (Gamaredon) Group's Attack Activities

NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:

APT-C-53 (Gamaredon), also known as Primitive Bear, Winterflounder, and BlueAlpha, is an APT group active since 2013 that targets the government, defense, diplomacy, and media sectors. The analysis describes its use of complex techniques, including malicious LNK files, XHTML files, and sophisticated phishing campaigns. Its attack vectors include email attachments containing compressed archives with malicious LNK files, XHTML files that download malicious payloads, and HTA files. The group employs various obfuscation techniques and relies on PowerShell scripts for persistence and for communication with command and control servers. The malware is also capable of infecting removable drives and maintaining persistence through registry modifications.

OPENCTI LABELS:

gamaredon