MS-SQL 서버를 공격 중인 Trigona 랜섬웨어 - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Web Shell - T1505.003 Web Shell - T1100 |
Common Information
| Type | Value |
|---|---|
| UUID | 1996a885-2cec-472d-8ccc-32801b82f80b |
| Fingerprint | 932e7a1dddde9c |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | April 10, 2023, 4:40 p.m. |
| Added to db | April 11, 2023, 12:49 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | MS-SQL 서버를 공격 중인 Trigona 랜섬웨어 |
| Title | MS-SQL 서버를 공격 중인 Trigona 랜섬웨어 - ASEC BLOG |
| Detected Hints/Tags/Attributes | 20/2/16 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/51168/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 18 | ✔ | ASEC | https://asec.ahnlab.com/ko/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | 3x55o3u2b7cjs54eifja5m3ottxntlubhjzt6k6htp5nrocjmsxxh7ad.onion |
|
| Details | Domain | 27 | trojan.win |
|
| Details | Domain | 1 | unwanted.win |
|
| Details | File | 5 | evilclr.dll |
|
| Details | File | 7 | nt.exe |
|
| Details | File | 119 | sqlservr.exe |
|
| Details | File | 4 | svcservice.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 4 | svchost.bat |
|
| Details | File | 3 | win.sql |
|
| Details | md5 | 2 | 1cece45e368656d322b68467ad1b8c02 |
|
| Details | md5 | 2 | 530967fb3b7d9427552e4ac181a37b9a |
|
| Details | md5 | 2 | 1e71a0bb69803a2ca902397e08269302 |
|
| Details | md5 | 4 | 46b639d59fea86c21e5c4b05b3e29617 |
|
| Details | md5 | 2 | 5db23a2c723cbceabec8d5e545302dc4 |
|
| Details | Url | 1 | http://3x55o3u2b7cjs54eifja5m3ottxntlubhjzt6k6htp5nrocjmsxxh7ad.onion |