암호화폐 내용의 Konni APT 캠페인과 '오퍼레이션 헌터 아도니스'
Tags
| country: | North Korea |
| attack-pattern: | Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | 5ac76e13-4b77-4a44-98ce-bb07fb325e3e |
| Fingerprint | 5f3e54d64d74546c |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Jan. 2, 2019, 4:53 p.m. |
| Added to db | Jan. 30, 2023, 4:35 p.m. |
| Last updated | Nov. 18, 2024, 1:38 a.m. |
| Headline | |
| Title | 암호화폐 내용의 Konni APT 캠페인과 '오퍼레이션 헌터 아도니스' |
| Detected Hints/Tags/Attributes | 23/2/46 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://blog.alyac.co.kr/2061 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | filer2.1apps.com |
|
| Details | Domain | 12 | setup.cab |
|
| Details | Domain | 7 | read.pudn.com |
|
| Details | File | 3 | 관련자료.doc |
|
| Details | File | 2127 | cmd.exe |
|
| Details | File | 7 | '1.txt |
|
| Details | File | 11 | 'certutil.exe |
|
| Details | File | 35 | 2.txt |
|
| Details | File | 12 | setup.cab |
|
| Details | File | 20 | 3.txt |
|
| Details | File | 4 | ct.exe |
|
| Details | File | 7 | %temp%\install.bat |
|
| Details | File | 4 | '2.txt |
|
| Details | File | 4 | '3.txt |
|
| Details | File | 6 | 'setup.cab |
|
| Details | File | 5 | 'install.bat |
|
| Details | File | 28 | word.exe |
|
| Details | File | 2 | winnet.ini |
|
| Details | File | 1 | c:\users\public\word.exe |
|
| Details | File | 3 | 'word.exe |
|
| Details | File | 2 | 'winnet.ini |
|
| Details | File | 1 | 'alzipupdate.exe |
|
| Details | File | 1 | 'browserupdate.exe |
|
| Details | File | 1 | server.cpp |
|
| Details | File | 1 | __.htm |
|
| Details | File | 3 | korea.doc |
|
| Details | IPv4 | 2 | 103.249.31.159 |
|
| Details | Pdb | 2 | f:\0_work\_programe\dlldroper\virus-load\_result\virus-dll.pdb |
|
| Details | Pdb | 2 | f:\0_work\_programe\virus-load920\_result\virus-dll.pdb |
|
| Details | Pdb | 2 | f:\0_work\_programe\virus-load\_result\virus-dll.pdb |
|
| Details | Pdb | 2 | f:\0_work\_programe\virus-loadrussia\_result\virus-dll.pdb |
|
| Details | Pdb | 2 | f:\0_work\_programe\worm\infectworm_full_20170615\release\infectworm.pdb |
|
| Details | Pdb | 2 | f:\0_work\_programe\worm\infectworm_full_20170816\release\infectworm.pdb |
|
| Details | Pdb | 2 | f:\0_work\planes\2017\0414\doc7\release\doc.pdb |
|
| Details | Pdb | 2 | f:\0_work\planes\2017\0414\virus-load\_result\virus-dll.pdb |
|
| Details | Pdb | 2 | f:\0_work\planes\2017\0502\virus-load\_result\virus-dll.pdb |
|
| Details | Pdb | 2 | f:\0_work\planes\2017\0502\virus-load\_result\virus-exe.pdb |
|
| Details | Pdb | 2 | f:\0_work\planes\2017\0508\doc7\release\doc.pdb |
|
| Details | Pdb | 2 | f:\0_work\planes\2017\0626\virus-load\_result\virus-dll.pdb |
|
| Details | Pdb | 2 | f:\0_work\planes\2017\0920\doc7\release\doc.pdb |
|
| Details | Pdb | 2 | f:\0_work\planes\2018\0328\doc7\release\doc.pdb |
|
| Details | Pdb | 2 | f:\0_work\planes\2018\forvirus\happy\release\happy.pdb |
|
| Details | Url | 1 | http://filer2.1apps.com/2.txt |
|
| Details | Url | 1 | http://filer2.1apps.com/3.txt |
|
| Details | Url | 1 | http://read.pudn.com/downloads62/sourcecode/hack/trojan/215589/src/server/server.cpp__.htm |
|
| Details | Windows Registry Key | 188 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |