lazarusholic


Clasiopa: New Group Targets Materials Research

2023-02-23, Symantec
https://symantec-enterprise-blogs.security.com/threat-intelligence/clasiopa-materials-research
#Atharvan #Clasiopa

Group uses distinct toolset but there are few clues to its origins.
A hitherto unknown attack group has been observed targeting a materials research organization in Asia. The group, which Symantec calls Clasiopa, is characterized by a distinct toolset that includes one piece of custom malware (Backdoor.Atharvan). At present, there is no firm evidence of where Clasiopa is based or on whose behalf it acts.
Clasiopa Tactics, Techniques, and Procedures
The infection vector used by Clasiopa is unknown, although there is some evidence to suggest that the attackers gain access through brute-force attacks on public-facing servers.
Aside from the distinct toolset used, there were a number of attack hallmarks observed:
- The attackers checked the IP addresses of the computers they were on using: https://ifconfig.me/ip
- An attempt was made to disable Symantec Endpoint Protection (SEP) by stopping the SepMasterService. The result of this query was checked and then …
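The two hallmarks above (a public-IP lookup via ifconfig.me and an attempt to stop SepMasterService) are the kind of telemetry a defender can hunt for. The following is an added example, not code from the Symantec report: a small detector run over constructed, simplified "field=value" endpoint events. The event format, host names, and the assumption that the service stop shows up as a command line containing "stop" and "SepMasterService" are all assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample telemetry (not from the report): one process-creation
# or network event per line, in a simplified key=value format.
SAMPLE_EVENTS = [
    'type=process host=ws01 user=svc_build cmd="sc stop SepMasterService"',
    'type=process host=ws01 user=svc_build cmd="sc query SepMasterService"',
    'type=process host=ws02 user=alice cmd="notepad.exe C:\\notes.txt"',
    'type=network host=ws01 user=svc_build dest=ifconfig.me path=/ip',
    'type=network host=ws03 user=bob dest=intranet.example.local path=/',
    'type=process host=ws04 user=carol cmd="net stop SepMasterService"',
]

@dataclass
class Alert:
    host: str
    user: str
    rule: str
    evidence: str

# Assumed command-line shape for the SEP hallmark: any "stop" verb followed
# by the service name (covers "sc stop", "net stop" and similar wrappers).
SEP_STOP_RE = re.compile(r"\bstop\b.*\bSepMasterService\b", re.IGNORECASE)
IFCONFIG_HOST = "ifconfig.me"

def parse_event(line: str) -> dict:
    """Parse key=value pairs; values may be double-quoted and contain spaces."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def detect(lines) -> list[Alert]:
    """Return one Alert per event matching either Clasiopa hallmark."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("type") == "process" and SEP_STOP_RE.search(ev.get("cmd", "")):
            alerts.append(Alert(ev["host"], ev["user"], "sep_service_stop", ev["cmd"]))
        elif ev.get("type") == "network" and ev.get("dest", "").lower() == IFCONFIG_HOST:
            alerts.append(Alert(ev["host"], ev["user"], "public_ip_lookup",
                                ev["dest"] + ev.get("path", "")))
    return alerts

def hosts_with_both(alerts) -> set[str]:
    """Hosts showing both hallmarks: a stronger signal than either alone."""
    by_host: dict[str, set[str]] = {}
    for a in alerts:
        by_host.setdefault(a.host, set()).add(a.rule)
    return {h for h, r in by_host.items() if {"sep_service_stop", "public_ip_lookup"} <= r}
```

A service query alone (the second ws01 line) is deliberately not flagged, since legitimate administration queries service state far more often than it stops endpoint protection.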
