새해 오피니언 언론 칼럼 위장 해킹 분석
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 652041b3-c203-4264-a1a8-ca06aa1941ef |
| Fingerprint | ea6506a6db2ac3e0 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 21, 2024, midnight |
| Added to db | Aug. 31, 2024, 11:03 a.m. |
| Last updated | Nov. 17, 2024, 5:54 p.m. |
| Headline | 새해 오피니언 언론 칼럼 위장 해킹 분석 |
| Title | 새해 오피니언 언론 칼럼 위장 해킹 분석 |
| Detected Hints/Tags/Attributes | 34/1/62 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.genians.co.kr/blog/threat_intelligence/nation-state |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 446 | ✔ | 위협분석보고서-genians | https://www.genians.co.kr/blog/threat_intelligence/rss.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 228 | system.io |
|
| Details | Domain | 194 | drive.google.com |
|
| Details | Domain | 1174 | gmail.com |
|
| Details | Domain | 61 | system.windows |
|
| Details | Domain | 6 | method.name |
|
| Details | Domain | 2 | akites.site |
|
| Details | Domain | 1 | civilarys.store |
|
| Details | Domain | 1 | naveralert.com |
|
| Details | Domain | 1 | navercafe.info |
|
| Details | Domain | 1 | naveralarm.com |
|
| Details | Domain | 1 | nidnaver.help |
|
| Details | Domain | 1 | nidnaver.info |
|
| Details | Domain | 1 | navecorps.com |
|
| Details | Domain | 2 | naverscorp.shop |
|
| Details | Domain | 1 | upbit2024.r-e.kr |
|
| Details | Domain | 1 | countrysvc.p-e.kr |
|
| Details | Domain | 1 | upbit-service.p-e.kr |
|
| Details | Domain | 1 | taxservice.p-e.kr |
|
| Details | Domain | 1 | kakaoteam.site |
|
| Details | Domain | 1 | navers.cc |
|
| Details | Domain | 1 | mofamail.homes |
|
| Details | Domain | 1 | mofamail.shop |
|
| Details | Domain | 2 | kakaoaccouts.store |
|
| Details | Domain | 1 | cloudown.store |
|
| Details | 1 | tianfox67@gmail.com |
||
| Details | File | 1 | 메시지.zip |
|
| Details | File | 1 | 메시지.docx |
|
| Details | File | 1 | 파일명.docx |
|
| Details | File | 90 | wordpad.exe |
|
| Details | File | 4 | '.ps1 |
|
| Details | File | 2 | %programfiles%\\windows nt\\accessories\\wordpad.exe |
|
| Details | File | 1 | 'swolf-first.ps1 |
|
| Details | File | 2 | swolf-first.ps1 |
|
| Details | File | 35 | 'powershell.exe |
|
| Details | File | 1 | 메시지.rtf |
|
| Details | File | 7 | '1.txt |
|
| Details | File | 1 | 'calc.txt |
|
| Details | File | 36 | compression.gzip |
|
| Details | File | 1 | 'rc.rtf |
|
| Details | File | 1 | 'cmdline.exe |
|
| Details | md5 | 1 | 2A40543F5B4B8CC1F4BD8993DF44708E |
|
| Details | md5 | 1 | 92A18B9AC4945B444466B9950CB83E10 |
|
| Details | md5 | 1 | ADE57773E415DB6265815DF636AA83E9 |
|
| Details | md5 | 1 | EC146031EDFE94B2965D32B384A4B54F |
|
| Details | md5 | 1 | F32653EC5E26AD7DA610DFC194FB66BA |
|
| Details | md5 | 1 | 1E25FED1DAB0E2E4651FC51DB806A8B9 |
|
| Details | md5 | 1 | 9E8BB11A8159EA5135DEF3895E7A5817 |
|
| Details | md5 | 1 | 14F97F5F286B1BE0CA7213218B478466 |
|
| Details | md5 | 1 | 9732AF12223214E121B0E693B2AB4E2C |
|
| Details | md5 | 1 | BD07301E0B028887D61337F62FF24062 |
|
| Details | md5 | 1 | D94C3DFFCFFCF8591A8630A893DEFF5F |
|
| Details | IPv4 | 2 | 159.100.29.38 |
|
| Details | IPv4 | 2 | 27.255.75.153 |
|
| Details | IPv4 | 2 | 27.255.81.113 |
|
| Details | IPv4 | 2 | 27.255.81.73 |
|
| Details | IPv4 | 2 | 27.255.81.77 |
|
| Details | IPv4 | 2 | 61.97.251.248 |
|
| Details | IPv4 | 3 | 27.255.75.158 |
|
| Details | IPv4 | 2 | 27.255.81.111 |
|
| Details | Url | 1 | https://drive.google.com/uc?export=download&id=1j |
|
| Details | Url | 1 | https://drive.google.com/uc?export=download&id=1x |
|
| Details | Url | 1 | https://drive.google.com/uc?export=download&id=1y |