북한 해킹 단체 김수키(Kimsuky)에서 만든 PowerShell 백도어 도구(2024.2.29)
Tags
| attack-pattern: | Dns - T1071.004 Dns - T1590.002 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 2bae8c78-deb8-4b64-8acb-acb8a8da0dac |
| Fingerprint | 7a185f4ea9069a67 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 1, 2024, 12:58 a.m. |
| Added to db | Aug. 31, 2024, 11:18 a.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | 꿈을꾸는 파랑새 |
| Title | 북한 해킹 단체 김수키(Kimsuky)에서 만든 PowerShell 백도어 도구(2024.2.29) |
| Detected Hints/Tags/Attributes | 26/1/15 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://wezard4u.tistory.com/429244 |
| Details | Source | http://wezard4u.tistory.com/429244 |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 478 | ✔ | 꿈을꾸는 파랑새 | https://wezard4u.tistory.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 339 | system.net |
|
| Details | Domain | 1 | system.ru |
|
| Details | Domain | 1 | trojan.ps |
|
| Details | Domain | 1 | backdoor.powershell.agent.eu |
|
| Details | Domain | 1 | behaveslike.ps.exploit.nr |
|
| Details | File | 3 | client.ps1 |
|
| Details | File | 59 | csc.exe |
|
| Details | File | 9 | trojan.ps |
|
| Details | File | 3 | script.bat |
|
| Details | File | 1 | behaveslike.ps |
|
| Details | File | 9 | 악성코드-cz_army_nato_coeration.zip |
|
| Details | md5 | 2 | c81ed44799aefb540123159618f7507c |
|
| Details | sha1 | 2 | fd23177a4481f39fe53a306e2d7fe282cb30a87d |
|
| Details | sha256 | 2 | 87b5a1f79a2be17401d8b2d354c61619ce6195b57e8a5183f78b98e233036062 |
|
| Details | Url | 1 | http://m.net.dns |