8220 Gang Attack Group Installing Coin Miners Through Log4Shell Vulnerability Attacks - ASEC BLOG
Common Information
Type Value
UUID 2ec6b327-646a-4940-ad76-6391f06c95d0
Fingerprint 908d1c8dd81f9f78
Analysis status DONE
Considered CTI value 2
Text language
Published April 17, 2023, 4:11 p.m.
Added to db April 17, 2023, 9:48 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline 8220 Gang Attack Group Installing Coin Miners Through Log4Shell Vulnerability Attacks
Title 8220 Gang Attack Group Installing Coin Miners Through Log4Shell Vulnerability Attacks - ASEC BLOG
Detected Hints/Tags/Attributes 16/2/29
Source URLs RSS Feed
Attributes
Type    #Events  CTI Value
CVE     397      cve-2021-44228
CVE     122      cve-2022-26134
Domain  4        su-95.letmaker.top
Domain  2        su95.bpdeliver.ru
File    13       ws_tomcatservice.exe
File    8        bypass.ps1
File    2        %temp%photoshop-setup-2545.exe
File    2        photoshop-setup-2545.exe
File    103      regasm.exe
File    2        whkpws.png
File    2        deliver1.exe
File    149      msbuild.exe
File    5        plugin_3.dll
File    5        plugin_4.dll
File    15       addinprocess.exe
md5     2        d63be89106d40f7b22e5c66de6ea5d65
md5     2        2748c76e21f7daa0d41419725af8a134
md5     2        851d4ab539030d2ccaea220f8ca35e10
md5     2        bd0312d048419353d57068f5514240dc
IPv4    2        77.91.84.42
IPv4    7        179.43.155.202
IPv4    2        174.138.19.0
IPv4    4        163.123.142.210
Url     2        http://77.91.84.42/whkpws.png
Url     2        http://163.123.142.210/bypass.ps1
Url     2        http://77.91.84.42/bypass.ps1
Url     2        http://77.91.84.42/deliver1.exe
Url     2        http://77.91.84.42/plugin_3.dll
Url     2        http://77.91.84.42/plugin_4.dll