SK Hack by an Advanced Persistent Threat
Common Information
| Type | Value |
|---|---|
| UUID | 8f3a0fb6-8f8f-4cc1-a0f5-aa6ac0a8a2b1 |
| Fingerprint | 5c3e2df657d16062ea59791a2d330c08fda778d31e1e7e7fbfae51be74705446 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | None |
| Added to db | Oct. 1, 2024, 2:31 p.m. |
| Last updated | Oct. 1, 2024, 2:37 p.m. |
| Headline | SK Hack by an Advanced Persistent Threat |
| Title | SK Hack by an Advanced Persistent Threat |
| Detected Hints/Tags/Attributes | 138/3/216 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | update.alyac.org |
|
| Details | Domain | 1 | alyac.org |
|
| Details | Domain | 1 | www.cph.com.tw |
|
| Details | Domain | 1 | cph.com.tw |
|
| Details | Domain | 1 | ro.diggfunny.com |
|
| Details | Domain | 1 | nateon.duamlive.com |
|
| Details | Domain | 1 | bbs.afbjz.com |
|
| Details | Domain | 1 | newhose.ntimobile.com |
|
| Details | Domain | 2 | www.adv138mail.com |
|
| Details | Domain | 12 | download.windowsupdate.com |
|
| Details | Domain | 5 | malc0de.com |
|
| Details | Domain | 1 | duamlive.com |
|
| Details | Domain | 1 | alyac.com |
|
| Details | Domain | 1 | trendmicros.net |
|
| Details | Domain | 1 | nprotects.org |
|
| Details | Domain | 1 | bomuls.com |
|
| Details | Domain | 132 | trendmicro.com |
|
| Details | Domain | 1 | nprotect.com |
|
| Details | Domain | 1 | bomul.com |
|
| Details | Domain | 1 | pc.nprotects.org |
|
| Details | Domain | 1 | diggfunny.com |
|
| Details | Domain | 1 | edsplan.com |
|
| Details | Domain | 1 | ezxsoft.com |
|
| Details | Domain | 1 | finalcover.com |
|
| Details | Domain | 1 | mindplat.com |
|
| Details | Domain | 1 | projectxz.com |
|
| Details | Domain | 1 | soucesp.com |
|
| Details | Domain | 1 | daumfan.com |
|
| Details | Domain | 1 | natefan.com |
|
| Details | Domain | 1 | cache.mindplat.com |
|
| Details | Domain | 1 | bbs.ezxsoft.com |
|
| Details | Domain | 1 | nprotect.org |
|
| Details | Domain | 2 | lab.com |
|
| Details | Domain | 1 | hack3r.tistory.com |
|
| Details | Domain | 4 | www.commandfive.com |
|
| Details | Domain | 16 | www.domaintools.com |
|
| Details | Domain | 1 | 40korea.com |
|
| Details | Domain | 2 | www.edaily.co.kr |
|
| Details | Domain | 2 | blog.estsoft.co.kr |
|
| Details | Domain | 1 | www.altools.co.kr |
|
| Details | Domain | 6 | www.etnews.com |
|
| Details | Domain | 2 | xml.ssdsandbox.net |
|
| Details | Domain | 3 | www.sunbeltsecurity.com |
|
| Details | Domain | 101 | www.theregister.co.uk |
|
| Details | Domain | 5 | www.hauri.co.kr |
|
| Details | Domain | 268 | www.virustotal.com |
|
| Details | Domain | 15 | www.ipa.go.jp |
|
| Details | Domain | 1 | news.mk.co.kr |
|
| Details | Domain | 9 | jsunpack.jeek.org |
|
| Details | Domain | 1 | kryo.se |
|
| Details | Domain | 3 | code.kryo.se |
|
| Details | Domain | 128 | support.microsoft.com |
|
| Details | Domain | 212 | technet.microsoft.com |
|
| Details | Domain | 3 | systemexplorer.net |
|
| Details | Domain | 2 | english.hani.co.kr |
|
| Details | Domain | 216 | www.symantec.com |
|
| Details | Domain | 641 | nvd.nist.gov |
|
| Details | Domain | 4 | www.novell.com |
|
| Details | Domain | 36 | contagiodump.blogspot.com |
|
| Details | Domain | 1 | www.samsungidc.com |
|
| Details | Domain | 1 | corp.skcomms.co.kr |
|
| Details | Domain | 3 | www.koreaherald.com |
|
| Details | Domain | 105 | web.archive.org |
|
| Details | Domain | 22 | www.threatexpert.com |
|
| Details | Domain | 3 | www.tmcnet.com |
|
| Details | Domain | 1 | expre.dyndns.tv |
|
| Details | Domain | 1 | download.windowsupdate.co |
|
| Details | Domain | 1 | commandfive.com |
|
| Details | 1 | info@commandfive.com |
||
| Details | File | 1 | alcmupdate.exe |
|
| Details | File | 1 | alad.dll |
|
| Details | File | 2 | v.bk |
|
| Details | File | 19 | x.exe |
|
| Details | File | 1 | nateon.exe |
|
| Details | File | 96 | rar.exe |
|
| Details | File | 6 | win32.pas |
|
| Details | File | 1 | winsvcfs.dll |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | 'nateon.exe |
|
| Details | File | 229 | advapi32.dll |
|
| Details | File | 40 | cryptbase.dll |
|
| Details | File | 76 | gdi32.dll |
|
| Details | File | 53 | iphlpapi.dll |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 45 | mpr.dll |
|
| Details | File | 80 | msvcrt.dll |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 4 | odbc32.dll |
|
| Details | File | 86 | ole32.dll |
|
| Details | File | 34 | psapi.dll |
|
| Details | File | 20 | sfc.dll |
|
| Details | File | 185 | shell32.dll |
|
| Details | File | 69 | shlwapi.dll |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 37 | userenv.dll |
|
| Details | File | 89 | version.dll |
|
| Details | File | 146 | wininet.dll |
|
| Details | File | 130 | ws2_32.dll |
|
| Details | File | 41 | wtsapi32.dll |
|
| Details | File | 1 | 2500.html |
|
| Details | File | 1 | c5_apt_adecadeinreview.pdf |
|
| Details | File | 1 | notice_contents.aspx |
|
| Details | File | 1 | print.html |
|
| Details | File | 1 | md5.aspx |
|
| Details | File | 1 | sk_detail_report.pdf |
|
| Details | File | 63 | report.html |
|
| Details | File | 1 | 201106_alzip_en.html |
|
| Details | File | 2 | newsread.php |
|
| Details | File | 1205 | index.php |
|
| Details | File | 1 | 491514.html |
|
| Details | File | 31 | writeup.jsp |
|
| Details | File | 2 | home.cfm |
|
| Details | File | 1 | cite.html |
|
| Details | File | 5 | agenda.html |
|
| Details | File | 1 | notice_view.jsp |
|
| Details | File | 1 | global.htm |
|
| Details | File | 5 | detail.jsp |
|
| Details | File | 19 | report.aspx |
|
| Details | File | 1 | 5698912.htm |
|
| Details | File | 2125 | cmd.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 2 | chost.exe |
|
| Details | File | 20 | sysprep.exe |
|
| Details | File | 1 | mtx.bat |
|
| Details | File | 1 | winscard2.exe |
|
| Details | File | 1 | zhenxiang.exe |
|
| Details | File | 1 | winscard.exe |
|
| Details | File | 1 | 106140_d.bat |
|
| Details | File | 1 | tcmoniter.exe |
|
| Details | File | 1 | fbl.bat |
|
| Details | File | 1 | tcomoniter.exe |
|
| Details | File | 1 | 40984_d.bat |
|
| Details | File | 1 | wincard0.dll |
|
| Details | File | 29 | uxtheme.dll |
|
| Details | md5 | 1 | 6c6adbd087276ae89f8262582798b708 |
|
| Details | md5 | 1 | fdf2c5c2b1874efe7fd335092df2d3bc |
|
| Details | md5 | 1 | bce1069dd099f15170c5fd05bae921b5 |
|
| Details | md5 | 1 | 16a31aa8e7ddf66a31551840573b6575 |
|
| Details | md5 | 1 | aba9baea70825e6adf0723587f273dc4 |
|
| Details | sha1 | 1 | 9f5addc7e0c7c57eab347ba10e9a81a032cf0daf |
|
| Details | sha1 | 1 | f84cd73dabf186607f986df98c5402a57bb58ad1 |
|
| Details | sha1 | 1 | 2c645b8dee2789a0d5d1c1e173ca3bb6b0d0528e |
|
| Details | sha256 | 1 | 74455d5e8f99272aec64bce106b1e8ff39a122a7d27d362a274af31ab5a4fb1e |
|
| Details | sha256 | 1 | b6aecab3c07e915e27db4b4be4c32de1ffa613029818bbd1bb755653c10fbe38 |
|
| Details | IPv4 | 1 | 116.127.121.41 |
|
| Details | IPv4 | 1 | 116.127.121.109 |
|
| Details | IPv4 | 2 | 192.168.0.200 |
|
| Details | IPv4 | 1 | 121.78.237.135 |
|
| Details | IPv4 | 1 | 127.0.0.139 |
|
| Details | IPv4 | 1 | 116.127.0.0 |
|
| Details | IPv4 | 1 | 116.127.255.255 |
|
| Details | IPv4 | 1 | 116.127.121.0 |
|
| Details | IPv4 | 1 | 202.30.224.240 |
|
| Details | IPv4 | 295 | 8.8.8.8 |
|
| Details | IPv4 | 1 | 222.122.20.241 |
|
| Details | IPv4 | 1441 | 127.0.0.1 |
|
| Details | IPv4 | 1 | 220.90.209.157 |
|
| Details | IPv4 | 2 | 66.249.89.104 |
|
| Details | IPv4 | 1 | 98.126.8.230 |
|
| Details | IPv4 | 1 | 8.5.1.42 |
|
| Details | IPv4 | 1 | 192.168.10.132 |
|
| Details | IPv4 | 1 | 8.5.1.8 |
|
| Details | IPv4 | 1 | 61.19.250.219 |
|
| Details | IPv4 | 1 | 64.74.223.10 |
|
| Details | IPv4 | 1 | 69.197.132.132 |
|
| Details | IPv4 | 1 | 218.213.229.69 |
|
| Details | IPv4 | 1 | 218.213.229.68 |
|
| Details | IPv4 | 1 | 64.74.223.48 |
|
| Details | IPv4 | 1 | 8.5.1.11 |
|
| Details | IPv4 | 1 | 202.181.170.67 |
|
| Details | IPv4 | 1 | 61.82.71.30 |
|
| Details | IPv4 | 1 | 202.30.244.240 |
|
| Details | IPv4 | 2 | 112.121.171.94 |
|
| Details | Url | 1 | http://blog.xecure |
|
| Details | Url | 1 | http://hack3r.tistory.com/tag/malware |
|
| Details | Url | 1 | http://www.commandfive.com/papers/c5_apt_adecadeinreview.pdf |
|
| Details | Url | 1 | http://www.domaintools.com/research/screenshothistory/alyac.org |
|
| Details | Url | 1 | http://www.domaintools.com/research/reverse |
|
| Details | Url | 1 | http://www.edaily.co.kr/news/newsread.edy?scd=dc16&newsid=02056566596346336&dcd=a0140 |
|
| Details | Url | 1 | http://blog.estsoft.co.kr/138 |
|
| Details | Url | 1 | http://blog.estsoft.co.kr/139 |
|
| Details | Url | 1 | http://blog.estsoft.co.kr/143 |
|
| Details | Url | 1 | http://www.altools.co.kr/plaza/notice_contents.aspx?idx=828 |
|
| Details | Url | 1 | http://www.etnews.com/news/print.html?id=201108050128 |
|
| Details | Url | 1 | http://xml.ssdsandbox.net/view/6c6adbd087276ae89f8262582798b708 |
|
| Details | Url | 1 | http://xml.ssdsandbox.net/view/fdf2c5c2b1874efe7fd335092df2d3bc |
|
| Details | Url | 1 | http://xml.ssdsandbox.net/view/bce1069dd099f15170c5fd05bae921b5 |
|
| Details | Url | 1 | http://www.sunbeltsecurity.com/partnerresources/cwsandbox/md5.aspx?id=e8ee9373ee6c836042e8f |
|
| Details | Url | 1 | http://www.theregister.co.uk/2011/08/12/estsoft_korean_megahack |
|
| Details | Url | 1 | http://www.hauri.co.kr/updata/sk_detail_report.pdf |
|
| Details | Url | 1 | http://www.virustotal.com/file |
|
| Details | Url | 1 | http://www.ipa.go.jp/security/english/vuln/201106_alzip_en.html |
|
| Details | Url | 1 | http://news.mk.co.kr/english/newsread.php?sc=30800005&cm=general&year=2011&no=491540&self |
|
| Details | Url | 1 | http://jsunpack.jeek.org/dec/go?report=9f5addc7e0c7c57eab347ba10e9a81a032cf0daf |
|
| Details | Url | 1 | http://jsunpack.jeek.org/dec/go?report=f84cd73dabf186607f986df98c5402a57bb58ad1 |
|
| Details | Url | 1 | http://jsunpack.jeek.org/dec/go?report=2c645b8dee2789a0d5d1c1e173ca3bb6b0d0528e |
|
| Details | Url | 2 | http://code.kryo.se/iodine |
|
| Details | Url | 1 | http://malc0de.com/database/index.php?search=116.127.121 |
|
| Details | Url | 1 | http://support.microsoft.com/?kbid=314056 |
|
| Details | Url | 1 | http://support.microsoft.com/kb/815065 |
|
| Details | Url | 1 | http://technet.microsoft.com/en |
|
| Details | Url | 1 | http://systemexplorer.net/db/nateon.exe.html |
|
| Details | Url | 1 | http://english.hani.co.kr/arti/english_edition/e_national/491514.html |
|
| Details | Url | 3 | http://www.symantec.com/security_response/writeup.jsp?docid=2011 |
|
| Details | Url | 1 | http://nvd.nist.gov/home.cfm |
|
| Details | Url | 1 | http://www.novell.com/success/cite.html |
|
| Details | Url | 1 | http://contagiodump.blogspot.com/2011/07/jul13cve20102883pdfmeetingagenda.html |
|
| Details | Url | 1 | http://www.samsungidc.com/helpdesk/notice_view.jsp?bpd_seq=0000001532 |
|
| Details | Url | 1 | http://corp.skcomms.co.kr/eng/global.htm |
|
| Details | Url | 1 | http://www.koreaherald.com/lifestyle/detail.jsp?newsmlid=20110728000881 |
|
| Details | Url | 1 | http://web.archive.org/web/20100814135834/http://www.cph.com.tw/1jebugldgjtoajb1wnxe8a |
|
| Details | Url | 1 | http://www.threatexpert.com/report.aspx?md5=16a31aa8e7ddf66a31551840573b6575 |
|
| Details | Url | 1 | http://www.threatexpert.com/report.aspx?md5=bce1069dd099f15170c5fd05bae921b5 |
|
| Details | Url | 1 | http://www.threatexpert.com/report.aspx?md5=aba9baea70825e6adf0723587f273dc4 |
|
| Details | Url | 1 | http://www.tmcnet.com/usubmit/2011/08/11/5698912.htm |
|
| Details | Url | 1 | http://www.commandfive.com |