MS-SQL 서버를 대상으로 하는 Netcat 공격 사례 (LOLBins) - ASEC BLOG
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Malware - T1587.001 Malware - T1588.001
Show in Graph
Common Information
Type Value
UUID 3105ed4d-b9d7-4113-a1c1-66fb06884b7e
Fingerprint b00925d3d2a078fb
Analysis status DONE
Considered CTI value 2
Text language
Published March 7, 2023, 9:32 a.m.
Added to db March 7, 2023, 2:57 a.m.
Last updated Dec. 18, 2024, 2:14 p.m.
Headline MS-SQL 서버를 대상으로 하는 Netcat 공격 사례 (LOLBins)
Title MS-SQL 서버를 대상으로 하는 Netcat 공격 사례 (LOLBins) - ASEC BLOG
Detected Hints/Tags/Attributes 24/2/31
Source URLs
Redirection Url
Details Source https://asec.ahnlab.com/ko/48866/
URL Provider
Details Provider Source level domain
Details ahnlab.com asec.ahnlab.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 18 ASEC https://asec.ahnlab.com/ko/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 2 
ccbsec.ccb.fyi
Details File 35 
nc.exe
Details File 2 
d:\db\artifact.exe
Details File 2 
d:\db\git.exe
Details File 2 
d:\db\mimih3.exe
Details File 2 
d:\db\nc64m.exe
Details File 2 
d:\db\rasman.exe
Details File 2 
d:\db\sharpdecryptpwd.exe
Details File 2 
d:\db\info.exe
Details File 2 
d:\db\agent.exe
Details File 2 
rasman.exe
Details File 2 
nc64m.exe
Details File 2226 
cmd.exe
Details File 30 
ftp.exe
Details File 17 
artifact.exe
Details File 14 
git.exe
Details File 2 
mimih3.exe
Details File 9 
sharpdecryptpwd.exe
Details File 13 
info.exe
Details File 48 
agent.exe
Details File 231 
min.js
Details md5 2 
7cc986338d60af5f2b0f1a17d5ed0542
Details md5 2 
3cdc614b55c9426a73fcfc194f3c13bc
Details md5 2 
d16c0494d4ad7cf0c353eafe38985c7d
Details md5 2 
844a9d708d3beb530b18d9ed7f3490a3
Details md5 2 
5ffad0ca02a426664249e9b9c0a2a122
Details md5 2 
6ca5c7421c246efeb938eb73d3a93dd0
Details md5 2 
4d3e3dab638640e4995357d6df2ea131
Details md5 2 
21c2d9e1586d7fb7ac6fe8174a966513
Details md5 2 
deb07c605672a5b37873c2377cba1c09
Details IPv4 3 
107.175.111.199