Malware Execution Method Using DNS TXT Record - ASEC BLOG
Common Information
Type Value
UUID 2898e87b-c791-4cd7-a021-c7b60a731bb9
Fingerprint a4862dc789f48484
Analysis status DONE
Considered CTI value 2
Text language
Published June 30, 2023, 8 a.m.
Added to db June 30, 2023, 2 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Malware Execution Method Using DNS TXT Record
Title Malware Execution Method Using DNS TXT Record - ASEC BLOG
Detected Hints/Tags/Attributes 39/2/24
Source URLs
RSS Feed
Attributes