Kimsuky Group Using Meterpreter to Attack Web Servers - ASEC BLOG
Common Information
Type Value
UUID 47e3db71-130d-44d5-b7e0-89ca89fd0363
Fingerprint 9cdf00821da3db68
Analysis status DONE
Considered CTI value 0
Text language
Published May 15, 2023, 5:06 p.m.
Added to db May 24, 2023, 11:26 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Kimsuky Group Using Meterpreter to Attack Web Servers
Title Kimsuky Group Using Meterpreter to Attack Web Servers - ASEC BLOG
Detected Hints/Tags/Attributes 10/1/13
Source URLs
RSS Feed
Attributes
Details Type #Events CTI Value
Details File 128
w3wp.exe
Details File 2
img.dat
Details File 1208
powershell.exe
Details File 4
up.dat
Details File 2
c:\programdata\img.dat
Details File 459
regsvr32.exe
Details File 24
cl.exe
Details md5 2
000130a373ea4085b87b97a0c7000c86
Details md5 2
6b2062e61bcb46ce5ff19b329ce31b03
Details IPv4 2
45.58.52.82
Details IPv4 1441
127.0.0.1
Details Url 2
http://45.58.52.82/up.dat
Details Url 2
http://45.58.52.82/cl.exe