THREAT OPS › Threat News › Update on Attacks by Threat Group APT-C-60
Update on Attacks by Threat Group APT-C-60
<p>In JPCERT/CC Eyes, we previously reported on attacks conducted by <a href="https://blogs.jpcert.or.jp/en/2024/12/APT-C-60.html" target="_blank">Attack Exploiting Legitimate Service by APT-C-60</a>. JPCERT/CC continues to observe similar attack activities in Japan. This report provides an update on the attacks confirmed between June and August 2025, focusing on developments since our last articl
Attributed threat actors
- DarkhotelG0012
MITRE ATT&CK techniques
Indicators of compromise
- f42d0fa77e5101f0f793e055cb963b45b36536b1835b9ea8864b4283b21bb68fsha256
- 25f81709d914a0981716e1afba6b8b5b3163602037d466a02bc1ec97cdc2063bsha256
- ea37dfa94a63689c1195566aab3d626794adaab4d040d473d4dfbd36f1e5f237sha256
- a80848cf7d42e444b7ec1161c479b1d51167893f47d202b05f590ad24bf47942sha256
- 1e931c8aa00b7f2b3adedc5260a3b69d1ac914fe1c022db072ed45d7b2dddf6csha256
- c9c6960a5e6f44afda4cc01ff192d84d59c4b31f304d2aeba0ef01ae04ca7df3sha256
- f102d490ad02b1588b9b76664cd715c315eaab33ac22b5d0812c092676242b15sha256
- 57a77d8d21ef6a3458763293dbe3130dae2615a5de75cbbdf17bc61785ee79dasha256
- 9e30df1844300032931e569b256f1a8a906a46c6a7efa960d95142d6bea05941sha256
- 96312254d33241ce276afc7d7e0c7da648ffe33f3b91b6e4a1810f0086df3dbasha256
- 669c268e4e1ced22113e5561a7d414a76fcd247189ed87a8f89fbbd61520966asha256
- f96557e8d714aa9bac8c3f112294bac28ebc81ea52775c4b8604352bbb8986b8sha256
- 8b51939700c65f3cb7ccdc5ef63dba6ca5953ab5d3c255ce3ceb657e7f5bfae8sha256
- d535837fe4e5302f73b781173346fc9031d60019ea65a0e1e92e20e399a2f387sha256
- 6d8a935f11665850c45f53dc1a3fc0b4ac9629211bd4281a4ec4343f8fa02004sha256
- d287dc5264fd504b016ec7e424650e2b353946cbf14d3b285ca37d78a6fda6f4sha256
- 10278a46b13797269fd79a5f8f0bc14ff1cc5bc0ea87cdd1bbc8670c464a3cf1sha256
- 156df8c8bea005bd7dc49eb7aca230ef85ada1c092e45bb3d69913d78c4fa1f9sha256
- 7ae86f2cb0bbe344b3102d22ecfcdda889608e103e69ec92932b437674ad5d2fsha256
- e8b3b14a998ce3640a985b4559c90c31a5d7465bc5be5c6962e487172d3c9094sha256
- 09fcc1dfe973a4dc91582d7a23265c0fd8fc2a011adb2528887c1e1d3a89075asha256
- 048b69386410b8b7ddb7835721de0cba5945ee026a9134d425e0ba0662d9aee4sha256
- f495171e7a10fb0b45d28a5260782a8c1f7080bd1173af405476e8d3b11b21b6sha256
- 8ea32792c1624a928e60334b715d11262ed2975fe921c5de7f4fac89f8bb2de5sha256
- 94ccdaf238a42fcc3af9ed1cae1358c05c04a8fa77011331d75825c8ac16ffd8sha256
- 299d792c8d0d38d13af68a2467186b2f47a1834c6f2041666adafc626149edafsha256
- 94f6406a0f40fb8d84ceafaf831f20482700ee1a92f6bca1f769dff98896245csha256
- 45c1c79064cef01b85f0a62dac368e870e8ac3023bfbb772ec6d226993dc0f87sha256
- 50b40556aa7461566661d6a8b9486e5829680951b5df5b7584e0ab58f8a7e92fsha256
- 5da82fa87b0073de56f2b20169fa4d6ea610ed9c079def6990f4878d020c9d95sha256
- b0747c82c23359d1342b47a669796989md5
- 21a44712685a8ba42985783b67883999md5
- 90b149c69b149c4b99c04d1dc9b940b9md5
- https://mp.weixin.qq.com/s/A1UhFfqnGRLsEZywvaQA4Aurl
- https://global.ptsecurity.com/en/research/pt-esc-threat-intelligence/darkhotel-a-cluster-of-groups-united-by-common-techniques/url
- https://c.statcounter.com/13139439/0/1ba1a548/1/url
- https://bitbucket.org/clouds999/glo29839/downloads/url
- https://185.181.230.71/wkdo9/4b3ru.aspurl
- https://185.181.230.71/wkdo9/t1802.aspurl
- https://185.181.230.71/wkdo9/n3tb4.aspurl
Original source: https://blogs.jpcert.or.jp/en/2025/11/APT-C-60_update.html