
LuckyMouse Chinese APT Malware

LuckyMouse, a Chinese APT actor also known as EmissaryPanda and APT27, has been running a campaign against government entities and a national data center: the group inserted malicious scripts into an official website to compromise it and used it for watering hole attacks.

Researchers from Kaspersky Lab said that the campaign was detected in March 2018, but it is believed to have been active since 2017. In a blog post, the team said the ongoing attack is the work of a Chinese-speaking threat group dubbed LuckyMouse, otherwise known as EmissaryPanda and APT27.

The initial infection vector used in the attack against the data center is unclear. Even when we observed LuckyMouse using weaponized documents with CVE-2017-11882 (Microsoft Office Equation Editor, widely used by Chinese-speaking actors since December 2017)

Full report here – https://securelist.com/luckymouse-hits-national-data-center/86083/

Indicators of compromise

Droppers:
22CBE2B0F1EF3F2B18B4C5AED6D7BB79
0D0320878946A73749111E6C94BF1525

Launcher:
ac337bd5f6f18b8fe009e45d65a2b09b

HyperBro in-memory Trojan:
04dece2662f648f619d9c0377a7ba7c0

Domains and IPs:
bbs.sonypsps[.]com
update.iaacstudio[.]com
wh0am1.itbaydns[.]com
google-updata[.]tk
windows-updata[.]tk
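The indicators above are only useful once they are checked against local telemetry. The script below is an added example (not part of this post or of Kaspersky's report) that refangs the published domains, matches them against DNS query log lines, and compares a set of observed file hashes against the published ones. The log line format and the sample log lines are constructed for the example; the indicator values themselves are exactly those listed above.

```python
"""Check the LuckyMouse indicators published above against local telemetry.

Added example: the indicator values are copied from the page; the DNS log
format and the sample lines are constructed for illustration.
"""
import re

# 32-hex-digit file hashes (MD5 length) as published, mixed case preserved.
PAGE_HASHES = {
    "22CBE2B0F1EF3F2B18B4C5AED6D7BB79",  # dropper
    "0D0320878946A73749111E6C94BF1525",  # dropper
    "ac337bd5f6f18b8fe009e45d65a2b09b",  # launcher
    "04dece2662f648f619d9c0377a7ba7c0",  # HyperBro in-memory Trojan
}

# Domains as published, defanged with "[.]".
PAGE_DOMAINS = [
    "bbs.sonypsps[.]com",
    "update.iaacstudio[.]com",
    "wh0am1.itbaydns[.]com",
    "google-updata[.]tk",
    "windows-updata[.]tk",
]

# Constructed sample: BIND-style query log lines (hypothetical format).
SAMPLE_DNS_LOG = [
    "12-Jun-2018 09:14:02.113 client 10.0.0.5#53211: query: www.example.com IN A + (10.0.0.2)",
    "12-Jun-2018 09:14:05.442 client 10.0.0.7#40122: query: update.iaacstudio.com IN A + (10.0.0.2)",
    "12-Jun-2018 09:14:09.001 client 10.0.0.9#51888: query: cdn.google-updata.tk IN A + (10.0.0.2)",
]

QUERY_RE = re.compile(r"query:\s+([A-Za-z0-9.\-]+)")


def refang(domain):
    """Turn a defanged indicator ('a[.]b') back into a real hostname, lowercased."""
    return domain.replace("[.]", ".").lower().rstrip(".")


def scan_dns_log(lines, domains):
    """Return (line_number, matched_ioc_domain) for each query that is an IoC
    domain or a subdomain of one. Subdomains count because actors commonly
    rotate hostnames under a controlled zone."""
    iocs = [refang(d) for d in domains]
    hits = []
    for number, line in enumerate(lines, 1):
        match = QUERY_RE.search(line)
        if not match:
            continue
        name = match.group(1).lower().rstrip(".")
        for ioc in iocs:
            if name == ioc or name.endswith("." + ioc):
                hits.append((number, ioc))
                break
    return hits


def match_hashes(observed, published):
    """Return the lowercase hashes present in both sets (case-insensitive)."""
    return {h.lower() for h in observed} & {h.lower() for h in published}


if __name__ == "__main__":
    for number, ioc in scan_dns_log(SAMPLE_DNS_LOG, PAGE_DOMAINS):
        print(f"DNS hit on line {number}: {ioc}")
    # Constructed set of hashes as an endpoint inventory might report them.
    observed = {"AC337BD5F6F18B8FE009E45D65A2B09B", "d41d8cd98f00b204e9800998ecf8427e"}
    for h in match_hashes(observed, PAGE_HASHES):
        print(f"Hash hit: {h}")
```

Hash comparison is case-insensitive because inventory tools emit hex in either case, and the domain check matches any subdomain of a listed zone rather than only exact names; both choices trade a little precision for fewer missed hits, which is the right trade for an indicator sweep.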
Duncan

Duncan is a technology professional with over 20 years of experience working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.
