Andariel 그룹의 국내 솔루션 대상 공격 사례 분석 (SmallTiger) - ASEC
Tags
| attack-pattern: | Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 5c131dc7-d279-4e7e-aa2b-efb037fc6627 |
| Fingerprint | f9c1975ee0a2bde3 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 22, 2024, 3 p.m. |
| Added to db | Dec. 23, 2024, 9:19 a.m. |
| Last updated | Dec. 23, 2024, 5:11 p.m. |
| Headline | Andariel 그룹의 국내 솔루션 대상 공격 사례 분석 (SmallTiger) |
| Title | Andariel 그룹의 국내 솔루션 대상 공격 사례 분석 (SmallTiger) - ASEC |
| Detected Hints/Tags/Attributes | 10/1/8 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/85270/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 18 | ✔ | ASEC | https://asec.ahnlab.com/ko/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | File | 1 | msmplog.tmp |
|
| Details | File | 1356 | powershell.exe |
|
| Details | File | 1 | pizza.jsp |
|
| Details | File | 1 | threadstate.jsp |
|
| Details | IPv4 | 1 | 20.20.100.32 |
|
| Details | IPv4 | 1 | 45.61.148.153 |
|
| Details | Url | 1 | http://45.61.148.153/pizza.jsp’,’c:\*********\web\*********\threadstate.jsp |
|
| Details | Windows Registry Key | 7 | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal |