CobaltStrike를 이용한 아파치 웹 서버 대상 크립토재킹 공격 캠페인 - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Dns - T1071.004 Dns - T1590.002 Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 |
Common Information
| Type | Value |
|---|---|
| UUID | 4e999617-940d-4440-9d64-a025c030b6f8 |
| Fingerprint | 72934bf4e324721d |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 14, 2023, 10:47 a.m. |
| Added to db | Nov. 19, 2023, 9:21 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | CobaltStrike를 이용한 아파치 웹 서버 대상 크립토재킹 공격 캠페인 |
| Title | CobaltStrike를 이용한 아파치 웹 서버 대상 크립토재킹 공격 캠페인 - ASEC BLOG |
| Detected Hints/Tags/Attributes | 20/2/37 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/58882/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 18 | ✔ | ASEC | https://asec.ahnlab.com/ko/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | gd.one188.one |
|
| Details | Domain | 2 | www.beita.site |
|
| Details | File | 36 | httpd.exe |
|
| Details | File | 3 | gh0strat.c4 |
|
| Details | File | 2 | 3jonxp.exe |
|
| Details | File | 2 | 3jonxp-signed.exe |
|
| Details | File | 2 | 256.exe |
|
| Details | File | 2 | 256-signed.exe |
|
| Details | File | 58 | test.exe |
|
| Details | File | 2 | artifact_x64.exe |
|
| Details | File | 8 | vmp.exe |
|
| Details | File | 156 | 1.exe |
|
| Details | File | 53 | server.exe |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 3 | helper.php |
|
| Details | File | 17 | s.php |
|
| Details | File | 8 | updates.rss |
|
| Details | File | 18 | ga.js |
|
| Details | md5 | 2 | 719253ddd9c49a5599b4c8582703c2fa |
|
| Details | md5 | 2 | 594365ee18025eb9c518bb266b64f3d2 |
|
| Details | md5 | 2 | d4015f101a53555f6016f2f52cc203c3 |
|
| Details | md5 | 2 | 1842271f3dbb1c73701d8c6ebb3f8638 |
|
| Details | md5 | 2 | 36064bd60be19bdd4e4d1a4a60951c5f |
|
| Details | md5 | 2 | 5949d13548291566efff20f03b10455c |
|
| Details | md5 | 2 | c9e9ef2c2e465d3a5e1bfbd2f32ce5cd |
|
| Details | md5 | 2 | 85e191a1fff9f6d09fb46807fd2dea37 |
|
| Details | md5 | 2 | b269dd0b89d404d5ad20851e0d5c322e |
|
| Details | md5 | 2 | 205c12fabb38b13c42b947e80dc3d53a |
|
| Details | md5 | 2 | 6b837fafaa1fbc2a4ddb35a748f4c11e |
|
| Details | md5 | 2 | f9d6a75875991086e1fb5985fc239df3 |
|
| Details | IPv4 | 2 | 121.135.44.49 |
|
| Details | IPv4 | 2 | 202.30.19.218 |
|
| Details | Url | 2 | http://121.135.44.49:808/ptj |
|
| Details | Url | 2 | http://121.135.44.49:808/updates.rss |
|
| Details | Url | 2 | http://121.135.44.49:808/ga.js |
|
| Details | Url | 2 | http://121.135.44.49:808/a4vr |
|
| Details | Url | 2 | http://www.beita.site/api/2 |