RedEyes (ScarCruft)'s CHM Malware Using the Topic of Fukushima Wastewater Release - ASEC BLOG
Common Information
UUID: 31f4bde4-efab-4035-80ec-019c2f20aa7c
Fingerprint: 952c1f6b21678a99
Analysis status: DONE
Considered CTI value: 0
Text language:
Published: Sept. 8, 2023, 9:55 a.m.
Added to db: Oct. 24, 2023, 1:13 p.m.
Last updated: Nov. 17, 2024, 6:54 p.m.
Headline: RedEyes (ScarCruft)'s CHM Malware Using the Topic of Fukushima Wastewater Release
Title: RedEyes (ScarCruft)'s CHM Malware Using the Topic of Fukushima Wastewater Release - ASEC BLOG
Detected hints / tags / attributes: 41 / 2 / 13
Source URLs:
Attributes (type, number of events in the database, value)
Type                   #Events  Value
Domain                 1        navercorp.ru
File                   34       hh.exe
File                   409      c:\windows\system32\cmd.exe
File                   1208     powershell.exe
File                   5        4.html
File                   4        com.php
md5                    1        52f71fadf0ea5ffacd753e83a3d0af1a
IPv4                   29       2.2.2.2
Url                    1        http://navercorp.ru/dashboard/image/202302/4.html
Url                    1        http://navercorp.ru/dashboard/image/202302/com.php?u=[computer
Url                    1        http://navercorp.ru/dashboard/image/202302/com.php?r=[base64
Url                    1        http://navercorp.ru/dashboard/image/202302/com.php
Windows Registry Key   112      HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
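The following is an added hunting example, not code from the ASEC post or from this CTI entry. It turns the indicators listed above into three checks run over constructed Sysmon-style events: URLs under the navercorp.ru C2 path, writes to the HKCU Run key (accepting the HKCU, HKEY_CURRENT_USER and HKU\<SID> spellings that different log sources produce), and cmd.exe or powershell.exe processes that descend from hh.exe, the Windows CHM viewer. The entry lists hh.exe, cmd.exe and powershell.exe as files but does not state their execution order; the hh.exe -> cmd.exe -> powershell.exe lineage is an assumption made here. The event records and pids are constructed for the example; the 2.2.2.2 address and the MD5 are not used.

```python
"""Hunt for the RedEyes CHM indicators listed in the entry above (added example)."""
from dataclasses import dataclass
from typing import Iterable
from urllib.parse import urlsplit

# Indicators taken from the entry.
C2_HOST = "navercorp.ru"
C2_PATH_PREFIX = "/dashboard/image/202302/"
RUN_SUBKEY = r"software\microsoft\windows\currentversion\run"
# Assumed lineage (not stated by the entry): CHM viewer -> cmd.exe -> powershell.exe.
CHM_HANDLER = "hh.exe"
SHELLS = {"cmd.exe", "powershell.exe"}


@dataclass(frozen=True)
class Event:
    kind: str          # "process", "registry" or "network"
    pid: int
    image: str         # full path of the process that produced the event
    ppid: int = 0      # parent pid (process events only)
    target: str = ""   # registry key path or URL


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_c2_url(url: str) -> bool:
    """True for any URL under the C2 directory listed in the entry."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    host = (parts.hostname or "").lower()
    return host == C2_HOST and parts.path.startswith(C2_PATH_PREFIX)


def is_run_key(key: str) -> bool:
    """True for the current-user Run key itself or a value/subkey directly under it.
    Handles HKCU\\..., HKEY_CURRENT_USER\\... and Sysmon's HKU\\<SID>\\... forms;
    RunOnce and HKLM keys are deliberately not matched."""
    parts = key.replace("/", "\\").lower().split("\\")
    if parts[0] in ("hkcu", "hkey_current_user"):
        rest = parts[1:]
    elif parts[0] == "hku" and len(parts) > 2:
        rest = parts[2:]                     # skip the SID component
    else:
        return False
    sub = RUN_SUBKEY.split("\\")
    return rest[:len(sub)] == sub


def hunt(events: Iterable[Event]) -> list[str]:
    """Return one finding string per event that matches an indicator."""
    events = list(events)
    by_pid = {e.pid: e for e in events if e.kind == "process"}
    hits = []
    for e in events:
        name = basename(e.image)
        if e.kind == "process" and name in SHELLS:
            # Walk up to three ancestors so hh.exe -> cmd.exe -> powershell.exe is caught.
            anc, hops = by_pid.get(e.ppid), 0
            while anc is not None and hops < 3:
                if basename(anc.image) == CHM_HANDLER:
                    hits.append(f"pid {e.pid}: {name} descends from {CHM_HANDLER}")
                    break
                anc, hops = by_pid.get(anc.ppid), hops + 1
        elif e.kind == "registry" and is_run_key(e.target):
            hits.append(f"pid {e.pid}: {name} wrote Run key {e.target}")
        elif e.kind == "network" and is_c2_url(e.target):
            hits.append(f"pid {e.pid}: {name} contacted C2 {e.target}")
    return hits


# Constructed sample events (pids, SID and paths are made up for the example).
PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    Event("process", 100, r"C:\Windows\explorer.exe"),
    Event("process", 200, r"C:\Windows\hh.exe", ppid=100),
    Event("process", 300, r"c:\windows\system32\cmd.exe", ppid=200),
    Event("process", 400, PS_PATH, ppid=300),
    Event("registry", 400, PS_PATH,
          target=r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Update"),
    Event("network", 400, PS_PATH,
          target="http://navercorp.ru/dashboard/image/202302/com.php"),
    # Benign noise that must not match: a look-alike host and a RunOnce write under HKLM.
    Event("network", 500, r"C:\Program Files\Mozilla Firefox\firefox.exe",
          target="https://www.navercorp.com/"),
    Event("registry", 600, r"C:\Windows\System32\svchost.exe",
          target=r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup"),
]

if __name__ == "__main__":
    for line in hunt(SAMPLE_EVENTS):
        print(line)
```

The URL check keys on the host and the /dashboard/image/202302/ directory rather than on the four exact URLs, since the two com.php entries above carry per-victim query strings (the page shows them truncated) that will never match verbatim in logs.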