Kimsuky Group: APT Attack Impersonating a Quotation for a Blue House Nokjiwon/Sangchunjae Event
Common Information
Type Value
UUID 1eb03a52-d76a-4213-9d04-39282d7529fd
Fingerprint 2efd7dbec9857670
Analysis status DONE
Considered CTI value 1
Text language
Published Dec. 4, 2019, 12:38 a.m.
Added to db Jan. 30, 2023, 4:34 p.m.
Last updated Nov. 17, 2024, 12:58 p.m.
Headline
Title Kimsuky Group: APT Attack Impersonating a Quotation for a Blue House Nokjiwon/Sangchunjae Event
Detected Hints/Tags/Attributes 19/1/30
Source URLs
Attributes