ioc[.]one - OSINT Cyber Threat Intelligence Database

Distribution of HWP Malware via Real-estate Investment Emails (Uses EPS) - ASEC BLOG

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	608d6fbf-a24f-48c4-b3b9-b2d910412aa4
Fingerprint	2421194d0b7caf69
Analysis status	DONE
Considered CTI value	0
Text language
Published	May 25, 2020, 4:05 p.m.
Added to db	Sept. 11, 2022, 4:59 p.m.
Last updated	Sept. 5, 2024, 1:02 a.m.
Headline	Distribution of HWP Malware via Real-estate Investment Emails (Uses EPS)
Title	Distribution of HWP Malware via Real-estate Investment Emails (Uses EPS) - ASEC BLOG
Detected Hints/Tags/Attributes	23/2/12

Source URLs

	Redirection	Url
Details	Source	https://asec.ahnlab.com/en/17453/

URL Provider

Details	Provider	Source level domain
Details	ahnlab.com	asec.ahnlab.com

Attributes

Details	Type	#Events	CTI	Value
Details	CVE	22		cve-2017-8291
Details	Domain	3		sixbitsmedia.com
Details	Domain	4		mokawafm.com
Details	File	2		%appdata%\microsoft\internet explorer\security.vbs
Details	File	14		category.php
Details	File	1		%appdata%\microsoft\internet explorer\security.db
Details	File	3		security.db
Details	File	10		dialog.php
Details	File	27		agent.c4
Details	IPv4	2		51.81.21.96
Details	Url	3		https://sixbitsmedia.com/wp-content/uploads/wp-logs/category.php?uid=0
Details	Url	4		https://mokawafm.com/wp-content/plugins/ckeditor-for-wordpress/ckeditor/plugins/image/dialog.php