Malware Disguised as Normal Documents (Kimsuky) - ASEC BLOG
Common Information
Type Value
UUID 72fd2b03-478a-4fd7-8110-8a0fd7573b29
Fingerprint a6d5b9490d750faf
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 15, 2023, 9:17 a.m.
Added to db Feb. 15, 2023, 2:50 a.m.
Last updated Nov. 6, 2024, 11:06 a.m.
Headline Malware Disguised as Normal Documents (Kimsuky)
Title Malware Disguised as Normal Documents (Kimsuky) - ASEC BLOG
Detected Hints/Tags/Attributes 21/3/29
Source URLs
RSS Feed
Attributes
Type                                 #Events  Value
Domain                               2        www.hydrotec.co.kr
Domain                               3        jooshineng.com
Domain                               2        gdtech.kr
Domain                               2        ddim.co.kr
File                                 3        questionnaire.docx
File                                 8        letter.docx
File                                 3        copy.docx
File                                 2        init.dot
File                                 3        state.dot
File                                 3        version.bat
File                                 3        state.docx
File                                 2        %temp%\temp.vbs
File                                 64       list.php
File                                 29       show.php
md5                                  2        55a46a2415d18093abcd59a0bf33d0a9
md5                                  2        873b2b0656ee9f6912390b5abc32b276
md5                                  2        83b4d96fc75f74bb589c28e8a9eddbbf
md5                                  2        705ef00224f3f7b02e29f21eb6e10d02
Mandiant Temporary Group Assumption  4        TEMP.VBS
Url                                  2        http://www.hydrotec.co.kr/bbs/img/cmg/upload2/init.dotm
Url                                  2        http://www.hydrotec.co.kr/bbs/img/cmg/upload3/init.dotm
Url                                  2        http://jooshineng.com/gnuboard4/adm/img/ghp/up/state.dotm
Url                                  2        http://gdtech.kr/gnuboard4/adm/cmg/attatch/init.dotm
Url                                  2        http://ddim.co.kr/gnuboard4/adm/cmg/upload/init.dotm
Url                                  2        http://gdtech.kr/gnuboard4/adm/cmg/upload/state.docx
Url                                  2        http://gdtech.kr/gnuboard4/adm/cmg/upload/list.php?query=60
Url                                  2        http://gdtech.kr/gnuboard4/adm/cmg/upload/show.php
Url                                  2        http://ddim.co.kr/gnuboard4/adm/cmg/upload/show.php
Url                                  2        http://www.hydrotec.co.kr/bbs/img/cmg/upload3/show.php