다양한 주제를 이용하여 CHM 악성코드를 유포 중인 Kimsuky - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 4ba528b7-0096-4be7-af84-5684a2c245d0 |
| Fingerprint | a02e27c4573c5b3f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 16, 2023, 2:03 p.m. |
| Added to db | June 16, 2023, 9:58 a.m. |
| Last updated | Nov. 17, 2024, 6:32 p.m. |
| Headline | 다양한 주제를 이용하여 CHM 악성코드를 유포 중인 Kimsuky |
| Title | 다양한 주제를 이용하여 CHM 악성코드를 유포 중인 Kimsuky - ASEC BLOG |
| Detected Hints/Tags/Attributes | 13/2/46 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/53426/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 18 | ✔ | ASEC | https://asec.ahnlab.com/ko/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | vndjgheruewy1.com |
|
| Details | Domain | 2 | qung03.cab |
|
| Details | File | 1 | 확인서.chm |
|
| Details | File | 1 | 신청서.chm |
|
| Details | File | 1 | 신고안내.chm |
|
| Details | File | 1 | 수정본.chm |
|
| Details | File | 1 | 납부서.chm |
|
| Details | File | 1 | 서면결의서.chm |
|
| Details | File | 1 | 교육비납입증명서.chm |
|
| Details | File | 2 | 자료.chm |
|
| Details | File | 2 | %userprofile%\links\oeirituttvv.vbs |
|
| Details | File | 2 | %userprofile%\links\oeirituttbb.dat |
|
| Details | File | 2 | %userprofile%\links\oeirituttvv.dat |
|
| Details | File | 2 | %userprofile%\links\oeirituttbb.bat |
|
| Details | File | 2 | oeirituttbb.vbs |
|
| Details | File | 2 | oeirituttvv.bat |
|
| Details | File | 2 | pung03.txt |
|
| Details | File | 2 | qung03.txt |
|
| Details | File | 2 | pung03.bat |
|
| Details | File | 2 | qung03.cab |
|
| Details | File | 2 | temprr03.bat |
|
| Details | File | 2 | loyes03.bat |
|
| Details | File | 2 | mnasrt.vbs |
|
| Details | File | 2 | loyestemp03.bat |
|
| Details | File | 2 | dwpp.vbs |
|
| Details | File | 2 | uwpp.vbs |
|
| Details | File | 2 | cudk.txt |
|
| Details | File | 2 | ipif.txt |
|
| Details | File | 2 | stif.txt |
|
| Details | File | 2 | uwpp.php |
|
| Details | File | 2 | dw_%computername%.dat |
|
| Details | md5 | 2 | b5a873ee6b839cbd03789115fc3ae944 |
|
| Details | md5 | 2 | 9861999409cdbc1f7c4c1079d348697c |
|
| Details | md5 | 2 | 7c7b8dd6dd4ba7b443e84287671f0e79 |
|
| Details | md5 | 2 | 98764ae00cee9f2cc87530601c159387 |
|
| Details | md5 | 2 | d62dcb76fa0fb4b725ea9c8643874ae7 |
|
| Details | md5 | 2 | e9e56ee78e019e09d5dbe0bb373adf09 |
|
| Details | md5 | 2 | ef58a1326b98feccc90c4d37a8ce2fe2 |
|
| Details | md5 | 2 | ae6fdb8945991b587ab790c2121345ce |
|
| Details | md5 | 2 | 075160d6c8d82b96d1ae7893761695a6 |
|
| Details | md5 | 2 | e5b0430290dc71193b7ea2fc829a9910 |
|
| Details | Url | 2 | http://vndjgheruewy1.com/tnd/pung03.txt |
|
| Details | Url | 2 | http://vndjgheruewy1.com/tnd/qung03.txt |
|
| Details | Url | 2 | http://vndjgheruewy1.com/uun06/uwpp.php |
|
| Details | Url | 2 | http://vndjgheruewy1.com/jun06/dw_%computername%.dat |
|
| Details | Windows Registry Key | 112 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |