Distribution of Word File (External + RTF) Modified to Avoid Detection - ASEC BLOG
Common Information
Type Value
UUID 5b03978b-712d-4126-9570-ce7c76d25452
Fingerprint 301a2cef29e19ea7
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 10, 2022, 2:49 p.m.
Added to db Nov. 10, 2022, 7:37 a.m.
Last updated Nov. 17, 2024, 5:55 p.m.
Headline Distribution of Word File (External + RTF) Modified to Avoid Detection
Title Distribution of Word File (External + RTF) Modified to Avoid Detection - ASEC BLOG
Detected Hints/Tags/Attributes 29/2/44
Attributes
Type | #Events | CTI | Value
CVE | 375 | | cve-2017-11882
Domain | 36 | | schemas.openxmlformats.org
Domain | 25 | | mdp.download
File | 17 | | websettings.xml
File | 2 | | resource.txt
File | 20 | | win.msi
File | 2 | | zzxxxz_z_xcccc_zxxz.doc
File | 70 | | vbc.exe
File | 82 | | fre.php