【辞書】

◆APT group: Mikroceen (ThaiCERT)
https://apt.thaicert.or.th/cgi-bin/showcard.cgi?g=Mikroceen

【別名】

名称	命名組織
Mikroceen	ESET
SixLittleMonkeys	Kaspersky

【概要】

項目	内容
国	中国
動機	情報窃取、スパイ活動
活動開始	2017

【使用ツール】

ツール名	備考
Gh0st RAT
logon.dll
logsupport.dll
Microcin
Mimikatz
pcaudit.bat
sqllauncher.dll

【ブログ】

◆Mikroceen: Spying backdoor leveraged in high‑profile networks in Central Asia (ESET, 2020/05/14)

ESET researchers dissect a backdoor deployed in attacks against multiple government agencies and major organizations operating in two critical infrastructure sectors in Asia

https://www.welivesecurity.com/2020/05/14/mikroceen-spying-backdoor-high-profile-networks-central-asia/
⇒ https://malware-log.hatenablog.com/entry/2020/05/14/000000_9

◆Kaspersky researchers find SixLittleMonkeys APT now applies enterprise-style programming to their malware (Kaspersky, 2020/06/19)
https://usa.kaspersky.com/about/press-releases/2020_kaspersky-researchers-find-sixlittlemonkeys-apt-now-applies-enterprise-style-programming-to-their-malware
⇒ https://malware-log.hatenablog.com/entry/2020/06/19/000000_11

◆Exchange servers under siege from at least 10 APT groups (WeLiveSecurity, 2021/03/10 14:00)
[少なくとも10のAPTグループから四面楚歌のExchangeサーバー]

ESET Research has found LuckyMouse, Tick, Winnti Group, and Calypso, among others, are likely using the recent Microsoft Exchange vulnerabilities to compromise email servers all around the world
[ESETリサーチによると、LuckyMouse、Tick、Winnti Group、Calypsoなどが、最近のMicrosoft Exchangeの脆弱性を利用して世界中のメールサーバーを危険にさらしている可能性が高いことがわかりました]

https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/
⇒ https://malware-log.hatenablog.com/entry/2021/03/10/000000_3

【関連まとめ記事】

◆全体まとめ
　◆攻撃組織 / Actor (まとめ)

◆標的型攻撃組織 / APT (まとめ)
https://malware-log.hatenablog.com/entry/APT