외신 인터뷰 의뢰 사칭 김수키 공격 발견
Tags
| attack-pattern: | Dll Side-Loading - T1574.002 Malware - T1587.001 Malware - T1588.001 Mmc - T1218.014 Powershell - T1059.001 Dll Side-Loading - T1073 Powershell - T1086 Scripting - T1064 Scripting |
Common Information
| Type | Value |
|---|---|
| UUID | 517ed532-212e-4151-8f7d-7abfc75dd6d9 |
| Fingerprint | dce5d9ca2d309b87 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | June 5, 2024, 5:27 a.m. |
| Added to db | Aug. 31, 2024, 11:03 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | 외신 인터뷰 의뢰 사칭 김수키 공격 발견 |
| Title | 외신 인터뷰 의뢰 사칭 김수키 공격 발견 |
| Detected Hints/Tags/Attributes | 32/1/53 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.genians.co.kr/blog/threat_intelligence/interview |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 446 | ✔ | 위협분석보고서-genians | https://www.genians.co.kr/blog/threat_intelligence/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | profilepimpz.com |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 11 | ws.run |
|
| Details | Domain | 6 | post0.open |
|
| Details | Domain | 1 | temp.demetradesign.it |
|
| Details | Domain | 3 | brandwizer.co.in |
|
| Details | Domain | 5 | joongang.site |
|
| Details | Domain | 7 | rfa.ink |
|
| Details | Domain | 2 | orientedworld.com |
|
| Details | File | 1 | 'doc.bat |
|
| Details | File | 56 | tasklist.exe |
|
| Details | File | 27 | avpui.exe |
|
| Details | File | 119 | avp.exe |
|
| Details | File | 73 | view.php |
|
| Details | File | 41 | msxml2.xml |
|
| Details | File | 3 | qwer.gif |
|
| Details | File | 3 | qwer.bat |
|
| Details | File | 2 | fs.mov |
|
| Details | File | 29 | d.php |
|
| Details | File | 376 | wscript.exe |
|
| Details | File | 1 | c:\users\public\music\golve.vbs |
|
| Details | File | 1 | c:\users\public\music\golve golve.vbs |
|
| Details | File | 3 | 'tasklist.exe |
|
| Details | File | 1 | 'view.php |
|
| Details | File | 1 | 'golve.vbs |
|
| Details | File | 11 | 'wscript.exe |
|
| Details | File | 2 | 'qwer.gif |
|
| Details | File | 3 | 'd.php |
|
| Details | File | 2 | 'qwer.bat |
|
| Details | File | 1 | 'keyinfo.txt |
|
| Details | File | 1 | c:\users\public\music\qwer.vbs |
|
| Details | File | 2 | 'mmc.exe |
|
| Details | File | 54 | mmc.exe |
|
| Details | md5 | 1 | cb82751ae9f84709268fd5e5b135b74e |
|
| Details | md5 | 1 | 5f6303697bf8e978bf674ea8a7094673 |
|
| Details | md5 | 1 | d87ba0743c3de99f02b277068b9aea95 |
|
| Details | md5 | 1 | 1cfef99f68b749d81736397e652c3d87 |
|
| Details | md5 | 1 | a27a6dbb2144f2dff187d8abc7b3eafb |
|
| Details | md5 | 1 | 5eae3d3b9aeeb0a4186ad3b68ff2da59 |
|
| Details | md5 | 1 | a7c5797956520905f71ab79873bcf950 |
|
| Details | md5 | 1 | 9eb0b3e2f61ef255ef51ace86381a258 |
|
| Details | IPv4 | 1 | 46.252.150.82 |
|
| Details | IPv4 | 3 | 5.9.123.217 |
|
| Details | IPv4 | 4 | 162.0.209.27 |
|
| Details | IPv4 | 3 | 52.177.14.24 |
|
| Details | IPv4 | 1 | 89.40.173.131 |
|
| Details | Mandiant Temporary Group Assumption | 1 | TEMP.DEMETRADESIGN |
|
| Details | Url | 1 | https://temp.demetradesign.it/eternalwealth/wp-content/plugins/health-check/pages/interview/view.php?do= |
|
| Details | Url | 1 | https://temp.demetradesign.it/eternalwealth/wp-content/plugins/health-check/pages/interview/d.php?na=battmp |
|
| Details | Url | 1 | https://orientedworld.com/wp-content/plugins/health-check/pages/reuters/share |
|
| Details | Url | 1 | https://orientedworld.com/wp-content/plugins/health-check/pages/reuters/d.php?na=battmp |
|
| Details | Url | 1 | https://temp.demetradesign.it/eternalwealth/wp-content/plugins/health-check/pages/seh-lynn/share |
|
| Details | Url | 1 | https://temp.demetradesign.it/eternalwealth/wp-content/plugins/health-check/pages/seh-lynn/d.php?na=battmp |