VBS를 통해 유포 중인 AgentTesla - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Powershell - T1059.001 Software - T1592.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 25078217-3258-40a0-a265-575e8e0066da |
| Fingerprint | 106f4b13a3a09b9b |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 25, 2022, 8:42 a.m. |
| Added to db | Jan. 16, 2023, 3:52 p.m. |
| Last updated | Nov. 18, 2024, 4:35 a.m. |
| Headline | VBS를 통해 유포 중인 AgentTesla |
| Title | VBS를 통해 유포 중인 AgentTesla - ASEC BLOG |
| Detected Hints/Tags/Attributes | 9/2/24 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/40571/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | 770140578183.cl |
|
| Details | Domain | 2 | edp-bkv.com |
|
| Details | Domain | 1176 | gmail.com |
|
| Details | 2 | hasan@edp-bkv.com |
||
| Details | 2 | kingpentecost22@gmail.com |
||
| Details | File | 2 | doc_10049500220529464169750.pdf |
|
| Details | File | 2 | doc_5246701207754814333490.vbs |
|
| Details | File | 2 | flex.vbs |
|
| Details | File | 3 | invoice.vbs |
|
| Details | File | 2 | ljur900225565_pdf.vbs |
|
| Details | File | 2 | noticeofarrival.vbs |
|
| Details | File | 2 | 6554342.vbs |
|
| Details | File | 2 | jktr002014953_5101075053_ppwk.vbs |
|
| Details | File | 2 | 9419-pdf.vbs |
|
| Details | File | 2 | besolo.vbs |
|
| Details | File | 2 | solu.vbs |
|
| Details | File | 1209 | powershell.exe |
|
| Details | File | 14 | caspol.exe |
|
| Details | md5 | 2 | 7fe2ed92d9306c8f0843cbb4a38f88e0 |
|
| Details | md5 | 2 | b06081daa9bc002cd750efb65e1e932e |
|
| Details | md5 | 2 | eccef74de61f20a212ecbb4ead636f73 |
|
| Details | md5 | 2 | ea202427fbe14d9a6d808b9ee911f68c |
|
| Details | Windows Registry Key | 2 | HKCU\Software\Basilicae17\Vegetates |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Basilicae17\Vegetates에 |