국세청을 사칭한 악성 LNK 유포 - ASEC BLOG
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Powershell - T1059.001 Rundll32 - T1218.011 Powershell - T1086 Rundll32 - T1085
Show in Graph
Common Information
Type Value
UUID 214d86c1-ee26-4620-9f75-2b24a32b2d33
Fingerprint f02eaecfdd047dbd
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 14, 2023, 5:28 p.m.
Added to db Oct. 22, 2023, 9:15 p.m.
Last updated Nov. 18, 2024, 9:32 a.m.
Headline 국세청을 사칭한 악성 LNK 유포
Title 국세청을 사칭한 악성 LNK 유포 - ASEC BLOG
Detected Hints/Tags/Attributes 13/2/32
Source URLs
Redirection Url
Details Source https://asec.ahnlab.com/ko/57088/
URL Provider
Details Provider Source level domain
Details ahnlab.com asec.ahnlab.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 18 ASEC https://asec.ahnlab.com/ko/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 2 
file.gdrive001.com
Details Domain 2 
02641.zip
Details Domain 2 
filehost001.com
Details File 4 
안내.zip
Details File 2 
%public%\02641.zip
Details File 22 
start.vbs
Details File 2 
74116308.bat
Details File 2 
02619992.bat
Details File 2 
86856980.bat
Details File 2 
20191362.bat
Details File 12 
unzip.exe
Details File 1019 
rundll32.exe
Details File 2 
53844252.bat
Details File 97 
upload.php
Details File 67 
get.php
Details File 9 
temprun.bat
Details File 64 
list.php
Details File 13 
%computername%.txt
Details File 1 
현황.xlsx
Details File 1 
설명자료.pdf
Details File 2 
securitymail.html
Details md5 2 
560e5977e5e5ce077adc9478cd93c2ac
Details md5 2 
7725d117d0bd0a7a5fb8ef101b019415
Details md5 2 
2d0747533d4d3f138481c4c4cda9ea1e
Details md5 2 
9c3eef28b4418c40a7071ddcba17f0e8
Details md5 2 
20f0e8362782c7451993e579336f2f3e
Details md5 2 
b5f698fb96835d155fbcc1ccd4f4b520
Details md5 2 
ca11ba5e641156ff72400e7f5e103aee
Details Url 2 
https://file.gdrive001.com/read/?cu=jaebonghouse&so=종합소득세
Details Url 2 
http://filehost001.com/upload.php
Details Url 2 
https://file.gdrive001.com/read/get.php?cu=ln3&so=xu6502
Details Url 2 
http://filehost001.com/list.php?f=%computername%.txt