활발하게 유포 중인 BAT 스크립트 포함한 악성 한글문서 (북한/국방/방송) - ASEC BLOG
Tags
| attack-pattern: | Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 28d69187-f3a3-4313-bfe2-425d3f2c715b |
| Fingerprint | eab9d3fa8e0a1653 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 10, 2022, 2:56 p.m. |
| Added to db | Jan. 30, 2023, 4:35 p.m. |
| Last updated | Nov. 18, 2024, 1:24 p.m. |
| Headline | 활발하게 유포 중인 BAT 스크립트 포함한 악성 한글문서 (북한/국방/방송) |
| Title | 활발하게 유포 중인 BAT 스크립트 포함한 악성 한글문서 (북한/국방/방송) - ASEC BLOG |
| Detected Hints/Tags/Attributes | 12/1/22 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/35189/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 190 | asec.ahnlab.com |
|
| Details | Domain | 2 | ap8.name |
|
| Details | File | 1212 | powershell.exe |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 16 | help.exe |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 2 | t32.bat |
|
| Details | File | 3 | c:\windows\syswow64\help.exe |
|
| Details | md5 | 2 | 882546e8fc2dc2fd580170afda20e396 |
|
| Details | md5 | 2 | 1d413a7c62b48760838bed0d03a35b05 |
|
| Details | md5 | 2 | 393f78e609af5e77da5ea9ba10facbfb |
|
| Details | md5 | 2 | e223711e31431250946203c27372cd3a |
|
| Details | md5 | 2 | 9aac95c3d76319fe3df9fed53fb06507 |
|
| Details | md5 | 2 | 7442a74c7351b8ab0bb49b778530a95e |
|
| Details | md5 | 2 | 404e2fe1fbca70603cb91932664bc112 |
|
| Details | md5 | 2 | 87c1f6ab7933bce7969f593e3c6096c2 |
|
| Details | md5 | 2 | b5b0ffecc4b30e7f140b517333c6a2d2 |
|
| Details | md5 | 2 | 546ae7bd8b88289a21ac8d7dc62a3bd7 |
|
| Details | md5 | 2 | 390a2439581b8c04adace93fed2e4425 |
|
| Details | md5 | 2 | 7dea7277f672ad85fdf344c467f739eb |
|
| Details | md5 | 2 | 667dbfdc01cc6e808b2485c7eed74e97 |
|
| Details | Url | 1 | https://asec.ahnlab.com/ko/32330 |