Word File Provided as External Link When Replying to Attacker's Email (Kimsuky) - ASEC BLOG
Common Information
Type Value
UUID 1c6fc245-e289-42f1-8990-17e16d694715
Fingerprint c4c7bd9819eea32e
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 2, 2022, 12:55 p.m.
Added to db Sept. 11, 2022, 12:45 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Word File Provided as External Link When Replying to Attacker’s Email (Kimsuky)
Title Word File Provided as External Link When Replying to Attacker's Email (Kimsuky) - ASEC BLOG
Detected Hints/Tags/Attributes 32/3/18
Attributes