Malicious Batch File (*.bat) Disguised as a Document Viewer Being Distributed (Kimsuky) - ASEC BLOG
Common Information
Type: Value
UUID: 298d3866-488b-4001-b255-c61cb0f1f8b7
Fingerprint: 90081c730db499a9
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: July 11, 2023, 8 a.m.
Added to db: July 11, 2023, 3 a.m.
Last updated: Nov. 17, 2024, 6:54 p.m.
Headline: Malicious Batch File (*.bat) Disguised as a Document Viewer Being Distributed (Kimsuky)
Title: Malicious Batch File (*.bat) Disguised as a Document Viewer Being Distributed (Kimsuky) - ASEC BLOG
Detected Hints/Tags/Attributes: 48/2/73
Source URLs:
RSS Feed:
Attributes
Details Type #Events CTI Value
Details Windows Registry Key 4
HKEY_CURRENT_USER\Software\Microsoft\Command