북한 김수키(Kimsuky)에서 만든 악성코드-20241003_20134.docx.lnk(2024.10.3)
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Software - T1592.002 Mshta - T1170 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 6e0b2df1-9601-4730-af43-b9404c9b99e0 |
| Fingerprint | dc8c52c59ba77c34 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 8, 2024, midnight |
| Added to db | Oct. 7, 2024, 5:49 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | 꿈을꾸는 파랑새 |
| Title | 북한 김수키(Kimsuky)에서 만든 악성코드-20241003_20134.docx.lnk(2024.10.3) |
| Detected Hints/Tags/Attributes | 39/2/28 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://wezard4u.tistory.com/429294 |
| Details | Source | https://wezard4u.tistory.com/429294 |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 478 | ✔ | 꿈을꾸는 파랑새 | https://wezard4u.tistory.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 372 | wscript.shell |
|
| Details | Domain | 2 | monce.run |
|
| Details | Domain | 6 | sh.run |
|
| Details | Domain | 228 | system.io |
|
| Details | Domain | 339 | system.net |
|
| Details | Domain | 3 | lnk.starter.bj |
|
| Details | File | 11 | 악성코드-20241003_20134.docx |
|
| Details | File | 2 | 20241003_20134.docx |
|
| Details | File | 456 | mshta.exe |
|
| Details | File | 4 | s.vbs |
|
| Details | File | 9 | t.zip |
|
| Details | File | 3 | 07578.tmp |
|
| Details | File | 3 | r9147.vbs |
|
| Details | File | 3 | xm568.tmp |
|
| Details | File | 2 | xs023.tmp |
|
| Details | File | 2 | c:\programdata\xm568.tmp |
|
| Details | File | 3 | c:\programdata\s.vbs |
|
| Details | File | 1 | 68.tmp |
|
| Details | File | 1 | c:\\programdata\\xm568.tmp |
|
| Details | File | 9 | 악성코드-pow.ps1 |
|
| Details | md5 | 1 | 42f3e0840bde6eccd1e17b32b48d6096 |
|
| Details | sha1 | 1 | c38a378d4d9af72957183cddebb2a659d024fd0c |
|
| Details | sha256 | 1 | aaecb10ca453bec3bb95bedac6d773a593ea984509845eb7b15d8894d4b385ad |
|
| Details | IPv4 | 14 | 6.6.4.1 |
|
| Details | IPv6 | 2 | ::f |
|
| Details | Microsoft Patch Numbers | 22 | KB5043145 |
|
| Details | Microsoft Patch Numbers | 13 | KB5043131 |
|
| Details | Threat Actor Identifier - FIN | 377 | FIN7 |