Malicious LNK File Being Distributed, Impersonating the National Tax Service - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Rundll32 - T1218.011 Powershell - T1086 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | 3ccb3c7d-a403-40f4-ac90-52fa41317e2d |
| Fingerprint | 8422b84b07f48721 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Sept. 21, 2023, 5:27 p.m. |
| Added to db | Oct. 22, 2023, 9:15 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Malicious LNK File Being Distributed, Impersonating the National Tax Service |
| Title | Malicious LNK File Being Distributed, Impersonating the National Tax Service - ASEC BLOG |
| Detected Hints/Tags/Attributes | 33/2/35 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/57176/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 17 | ✔ | ASEC | https://asec.ahnlab.com/en/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 9 | report.zip |
|
| Details | Domain | 2 | file.gdrive001.com |
|
| Details | Domain | 2 | 02641.zip |
|
| Details | Domain | 2 | filehost001.com |
|
| Details | File | 8 | report.zip |
|
| Details | File | 4 | 안내.zip |
|
| Details | File | 2 | %public%\02641.zip |
|
| Details | File | 22 | start.vbs |
|
| Details | File | 2 | 74116308.bat |
|
| Details | File | 2 | 02619992.bat |
|
| Details | File | 2 | 86856980.bat |
|
| Details | File | 2 | 20191362.bat |
|
| Details | File | 12 | unzip.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 2 | 53844252.bat |
|
| Details | File | 97 | upload.php |
|
| Details | File | 67 | get.php |
|
| Details | File | 9 | temprun.bat |
|
| Details | File | 64 | list.php |
|
| Details | File | 13 | %computername%.txt |
|
| Details | File | 1 | conference.xlsx |
|
| Details | File | 1 | unification.pdf |
|
| Details | File | 2 | securitymail.html |
|
| Details | md5 | 2 | 560e5977e5e5ce077adc9478cd93c2ac |
|
| Details | md5 | 2 | 7725d117d0bd0a7a5fb8ef101b019415 |
|
| Details | md5 | 2 | 2d0747533d4d3f138481c4c4cda9ea1e |
|
| Details | md5 | 2 | 9c3eef28b4418c40a7071ddcba17f0e8 |
|
| Details | md5 | 2 | 20f0e8362782c7451993e579336f2f3e |
|
| Details | md5 | 2 | b5f698fb96835d155fbcc1ccd4f4b520 |
|
| Details | md5 | 2 | ca11ba5e641156ff72400e7f5e103aee |
|
| Details | Url | 2 | https://file.gdrive001.com/read/?cu=jaebonghouse&so=종합소득세 |
|
| Details | Url | 1 | https://file.gdrive001.com/read/?cu=jaebonghouse&so=clarificationdocuments |
|
| Details | Url | 2 | http://filehost001.com/upload.php |
|
| Details | Url | 2 | https://file.gdrive001.com/read/get.php?cu=ln3&so=xu6502 |
|
| Details | Url | 2 | http://filehost001.com/list.php?f=%computername%.txt |