Warning Against HWP Documents Embedded with Malicious OLE Objects - ASEC BLOG
Tags
| country: | North Korea |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 1364e12b-0aed-48c8-a381-22b31befd69e |
| Fingerprint | e883a84307ffcbc3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 1, 2023, 10:45 a.m. |
| Added to db | Nov. 1, 2023, 2:56 a.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | Warning Against HWP Documents Embedded with Malicious OLE Objects |
| Title | Warning Against HWP Documents Embedded with Malicious OLE Objects - ASEC BLOG |
| Detected Hints/Tags/Attributes | 47/3/37 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/58335/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 17 | ✔ | ASEC | https://asec.ahnlab.com/en/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 4 | host.sharingdocument.one |
|
| Details | Domain | 4 | mail.smartprivacyc.com |
|
| Details | Domain | 291 | raw.githubusercontent.com |
|
| Details | Domain | 5 | plm.myartsonline.com |
|
| Details | File | 4 | zz.bat |
|
| Details | File | 5 | oz.txt |
|
| Details | File | 5 | pq.txt |
|
| Details | File | 4 | down.txt |
|
| Details | File | 65 | info.txt |
|
| Details | File | 7 | upload.txt |
|
| Details | File | 4 | thumbs.log |
|
| Details | File | 1209 | powershell.exe |
|
| Details | md5 | 3 | 2f0a67b719d8303c0ec7cc9057ed8411 |
|
| Details | md5 | 3 | af5bbab33f934dc016fc1aa0d910820e |
|
| Details | md5 | 3 | 7f3a30525b9324a2aeb32a9018df944f |
|
| Details | md5 | 3 | 361237b6b385874f02f3724ae50d1522 |
|
| Details | md5 | 3 | a242741873637fdac8f69f2ffdba47bc |
|
| Details | md5 | 3 | 7284a6376aa79a2384f797769b7ce086 |
|
| Details | md5 | 3 | 2ef182bced72da507d2e403ab9db3c9f |
|
| Details | md5 | 3 | f416b44332b4fb394b4735634cb07ff2 |
|
| Details | md5 | 3 | c16796909d5feea709d99e306f7e9975 |
|
| Details | md5 | 3 | 0217e70fd7bc3a65ee0f2dd60ff85fbf |
|
| Details | md5 | 3 | d5d395d90ccf9a7309f2f64169a2c019 |
|
| Details | md5 | 3 | 8cafe74f03605a9bfaea5081b3ed0fc2 |
|
| Details | md5 | 3 | 4934226f319d82ae092ada2525a7feb5 |
|
| Details | md5 | 3 | 1061425d7e3d054a79f9294a2118b5da |
|
| Details | md5 | 3 | 2773acee87413790e9ace99c536c78ad |
|
| Details | md5 | 3 | 77edb140b86596eabe3602bb7febb997 |
|
| Details | Url | 2 | http://host.sharingdocument.one/dashboard/explore/starred?hwpview=[specific |
|
| Details | Url | 2 | http://mail.smartprivacyc.com/get/account/view?myact=[specific |
|
| Details | Url | 4 | https://raw.githubusercontent.com/babaramam/repo/main/pq.txt |
|
| Details | Url | 3 | https://raw.githubusercontent.com/babaramam/repo/main/info.txt |
|
| Details | Url | 3 | https://raw.githubusercontent.com/babaramam/repo/main/upload.txt |
|
| Details | Url | 3 | https://raw.githubusercontent.com/babaramam/repo/main/down.txt |
|
| Details | Url | 2 | https://raw.githubusercontent.com/babaramam/repo/main/pq.txt‘)};$b=$a.replace |
|
| Details | Url | 3 | http://host.sharingdocument.one/dashboard/explore/starred?hwpview= |
|
| Details | Url | 3 | http://mail.smartprivacyc.com/get/account/view?myact= |