From 1c9c0ba3aafbd779cd1044b67611282c525f4100 Mon Sep 17 00:00:00 2001
From: junk
Date: Thu, 9 Jan 2025 17:00:25 -0500
Subject: [PATCH] Update apts/blacktech/info.md

---
 apts/blacktech/info.md | 69 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 68 insertions(+), 1 deletion(-)

diff --git a/apts/blacktech/info.md b/apts/blacktech/info.md
index e457620..323d56c 100644
--- a/apts/blacktech/info.md
+++ b/apts/blacktech/info.md
@@ -1,3 +1,17 @@
+# Blacktech, Palmerworm
+
+
+# software
+Flagpro
+Kivars
+PLEAD
+PsExec
+TSCookie
+Waterbear
+
+
+
+
 [1]
 ```
 28ca0c218e14041b9f32a0b9a17d6ee5804e4ff52e9ef228a1f0f8b00ba24c11
@@ -33,4 +47,57 @@
 loop.microsoftmse.com
 45.77.181.203
 ```
-[1]: https://www.security.com/threat-intelligence/palmerworm-blacktech-espionage-apt
\ No newline at end of file
+
+[2]
+```
+CVE-2015-5119, patched by Adobe last July, 2015
+CVE-2012-0158, patched by Microsoft last April, 2012
+CVE-2014-6352, patched by Microsoft last October, 2014
+CVE-2017-0199, patched by Microsoft last April, 2017
+
+itaiwans[.]com
+microsoftmse[.]com
+211[.]72[.]242[.]120
+```
+
+
+
+
+[3]
+```
+649675baef92381ffcdfa42e8959015e83c1ab1c7bbfd64635ce5f6f65efd651 BKDR_WATERBEAR.ZTGF
+3909e837f3a96736947e387a84bb57e57974db9b77fb1d8fa5d808a89f9a401b TROJ_WATERBEAR.ZTGD
+fcfdd079b5861c0192e559c80e8f393b16ba419186066a21aab0294327ea9e58 TROJ_WATERBEAR.ZTGJ
+3f26a971e393d7f6ce7bf4416abdbfa1def843a0cf74d8b7bb841ca90f5c9ed9 TROJ_WATERBEAR.ZTGH
+abb91dfd95d11a232375d6b5cdf94b0f7afb9683fb7af3e50bcecdb2bd6cb035 TROJ_WATERBEAR.ZTGH
+bda6812c3bbba3c885584d234be353b0a2d1b1cbd29161deab0ef8814ac1e8e1 TROJ_WATERBEAR.ZTGI
+53402b662679f0bfd08de3abb064930af40ff6c9ec95469ce8489f65796e36c3 TROJ_WATERBEAR.ZTGH
+f9f6bc637f59ef843bc939cb6be5000da5b9277b972904bf84586ea0a17a6000 TROJ_WATERBEAR.ZTGI
+3442c076c8824d5da065616063a6520ee1d9385d327779b5465292ac978dec26 BKDR_WATERBEAR.ZTGD
+7858171120792e5c98cfa75ccde7cba49e62a2aeb32ed62322aae0a80a50f1ea TROJ64_WATERBEAR.ZTGI
+acb2abc7fb44c2fdea0b65706d1e8b4c0bfb20e4bd4dcee5b95b346a60c6bd31 BKDR_WATERBEARENC.ZTGF
+b9f3a3b9452a396c3ba0ce4a644dd2b7f494905e820e7b1c6dca2fdcce069361 BKDR64_WATERBEAR.ZTGD
+7c0d2782a33debb65b488893705e71a001ea06c4eb4fe88571639ed71ac85cdd BKDR_WATERBEARENC.ZTGH
+c7c7b2270767aaa2d66018894a7425ba6192730b4fe2130d290cd46af5cc0b7b BKDR_WATERBEARENC.ZTGI
+7532fe7a16ba1db4d5e8d47de04b292d94882920cb672e89a48d07e77ddd0138 BKDR_WATERBEARENC.ZTGI
+dea5c564c9d961ccf2ed535139fbfca4f1727373504f2972ac92acfaf21da831 BKDR_WATERBEARENC.ZTGI
+05d0ab2fbeb7e0ba7547afb013d307d32588704daac9c12002a690e5c1cde3a4 BKDR64_WATERBEARENC.ZTGJ
+39668008deb49a9b9a033fd01e0ea7c5243ad958afd82f79c1665fb73c7cfadf BKDR_WATERBEARENC.ZTGD
+```
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+[1]: https://www.security.com/threat-intelligence/palmerworm-blacktech-espionage-apt
+[2]: https://www.trendmicro.com/en_us/research/17/f/following-trail-blacktech-cyber-espionage-campaigns.html
+[3]: https://www.trendmicro.com/en_us/research/19/l/waterbear-is-back-uses-api-hooking-to-evade-security-product-detection.html
\ No newline at end of file