윈도우 정품 인증 툴을 이용해 유포 중인 BitRAT, XMRig 코인 마이너 - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Installutil - T1218.004 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Software - T1592.002 Tool - T1588.002 Installutil - T1118 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 27126bc2-7d66-4b76-a805-00ce5ba20f15 |
| Fingerprint | 588ecdc063066d39 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 16, 2022, 9:42 a.m. |
| Added to db | Jan. 16, 2023, 3:56 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | 윈도우 정품 인증 툴을 이용해 유포 중인 BitRAT, XMRig 코인 마이너 |
| Title | 윈도우 정품 인증 툴을 이용해 유포 중인 BitRAT, XMRig 코인 마이너 - ASEC BLOG |
| Detected Hints/Tags/Attributes | 22/2/32 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/37602/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | purposedesigns.net |
|
| Details | Domain | 145 | api.telegram.org |
|
| Details | Domain | 2 | asia.randomx-hub.miningpoolhub.com |
|
| Details | Domain | 25 | mdp.download |
|
| Details | File | 6 | unpack.exe |
|
| Details | File | 2 | kms.msi |
|
| Details | File | 1209 | powershell.exe |
|
| Details | File | 10 | software_reporter_tool.exe |
|
| Details | File | 5 | 'installutil.exe |
|
| Details | File | 2 | 'software_reporter_tool.exe |
|
| Details | File | 17 | 'svchost.exe |
|
| Details | File | 2 | %localappdata%\google\software_reporter_tool.exe |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 2 | obieznne.msi |
|
| Details | File | 2 | wniavctm.msi |
|
| Details | File | 2 | kms_tool.msi |
|
| Details | File | 2 | zxoeqxat.msi |
|
| Details | File | 2 | kmstools.exe |
|
| Details | File | 83 | installutil.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 20 | win.msi |
|
| Details | md5 | 2 | 74120cfeca3b003c6dbf81707216c22c |
|
| Details | md5 | 2 | ce985a31420169f002706fb46d5e8cd0 |
|
| Details | md5 | 2 | d6cb1c1dd51917214ff41b76e904769e |
|
| Details | md5 | 2 | 4e5cb75c3c99f30c7a22b940fd107505 |
|
| Details | IPv4 | 2 | 147.189.161.248 |
|
| Details | Url | 2 | http://purposedesigns.net:443/obieznne.msi |
|
| Details | Url | 2 | http://purposedesigns.net:443/wniavctm.msi |
|
| Details | Url | 2 | http://purposedesigns.net:443/kms_tool.msi |
|
| Details | Url | 3 | https://api.telegram.org/bot5538205016 |
|
| Details | Url | 2 | http://purposedesigns.net:443/kms.msi |
|
| Details | Windows Registry Key | 7 | HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run |