MS Media Player 이용한 악성 워드문서 (안랩사칭) - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 0d793323-8853-4125-9944-b07114679a93 |
| Fingerprint | 6c82617599e31feb |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 30, 2022, 11:19 a.m. |
| Added to db | Jan. 30, 2023, 4:32 p.m. |
| Last updated | Oct. 30, 2024, 10:17 a.m. |
| Headline | MS Media Player 이용한 악성 워드문서 (안랩사칭) |
| Title | MS Media Player 이용한 악성 워드문서 (안랩사칭) - ASEC BLOG |
| Detected Hints/Tags/Attributes | 8/2/34 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/33259/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | mr.open |
|
| Details | Domain | 3 | zvc1ijau.naveicoipc.tech |
|
| Details | Domain | 6 | naveicoipc.tech |
|
| Details | Domain | 4 | naveicoipd.tech |
|
| Details | Domain | 3 | bcvbert.naveicoipe.tech |
|
| Details | Domain | 1 | wrhehdfg.naveicoipe.tech |
|
| Details | Domain | 2 | msldkopw.naveicoipe.tech |
|
| Details | Domain | 1 | uktyukb.naveicoipe.tech |
|
| Details | Domain | 1 | gowelknx.naveicoipf.online |
|
| Details | Domain | 3 | xjowihgnxcvb.naveicoipf.online |
|
| Details | File | 2 | 분할.docx |
|
| Details | File | 1 | 202203_btc_eth_추가계정정보.docx |
|
| Details | File | 2 | 고소장.docx |
|
| Details | File | 1 | 유사수신고소장.docx |
|
| Details | File | 1 | btc_eth자동매매계정정보.docx |
|
| Details | File | 1 | 암호화폐_투자기획.docx |
|
| Details | File | 66 | settings.xml |
|
| Details | File | 1 | %programdata%\usoshared\logs 폴더에 usoservice.exe |
|
| Details | File | 4 | updatechecker.exe |
|
| Details | md5 | 2 | ce00749c908de017010055a83ac0654f |
|
| Details | md5 | 2 | 783e7c3ba39daa28301b841785794d76 |
|
| Details | md5 | 1 | 2fec0c6ff8af4484471633aeaa1c9996 |
|
| Details | md5 | 3 | 6df608342938f0d30a058c48bb9d8d4d |
|
| Details | Url | 3 | http://zvc1ijau.naveicoipc.tech/acms/0lvnak1t/0lvnak1t64.acm |
|
| Details | Url | 3 | http://zvc1ijau.naveicoipc.tech/acms/0lvnak1t/0lvnak1t32.acm |
|
| Details | Url | 1 | http://naveicoipc.tech/acms/0nxbqs2e/topaccounts?uid=rt6i45sd |
|
| Details | Url | 3 | http://naveicoipd.tech/acms/018uecds/blockchaintemplate |
|
| Details | Url | 1 | http://bcvbert.naveicoipe.tech/acms/01awet9z/wwwtemplate?uid=glvrdta |
|
| Details | Url | 1 | http://wrhehdfg.naveicoipe.tech/acms/0tqykdo9/accounttemplate0330?vvvid=rehs4344s |
|
| Details | Url | 1 | http://msldkopw.naveicoipe.tech/acms/0tqykdo9/accounttemplate03301?vvvid=zxzdfherh |
|
| Details | Url | 1 | http://uktyukb.naveicoipe.tech/acms/0tqykdo9/accounttemplate03304?vvvid=cvnrturr |
|
| Details | Url | 1 | http://gowelknx.naveicoipf.online/acms/07rrwrwk/securitytemplate0?securityid=ffsdwiefwe |
|
| Details | Url | 1 | http://xjowihgnxcvb.naveicoipf.online/acms/07rrwrwk/securitytemplate3?securityid=cbvkoweoigwk |
|
| Details | Windows Registry Key | 2 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run\WUService |