Thallium Group Conducts Sophisticated Cyber Attack Against Russian Researchers Working on the North Korean Economy
Common Information
Type Value
UUID 34c2ca5e-4b06-483f-85f8-a6e1ebc03636
Fingerprint 706831bece60d173
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 1, 2021, 7:26 p.m.
Added to db Sept. 26, 2022, 9:33 a.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline
Title Thallium Group Conducts Sophisticated Cyber Attack Against Russian Researchers Working on the North Korean Economy
Detected Hints/Tags/Attributes 17/2/38
Source URLs
Attributes