Sliver Malware with BYOVD Being Distributed via Sunlogin Vulnerability Exploitation - ASEC BLOG
Common Information
Type Value
UUID 73e6049b-a7a8-4542-9f59-86afdf8fc154
Fingerprint d28a4edb8f079985
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 25, 2023, 9:38 a.m.
Added to db Jan. 25, 2023, 1:59 a.m.
Last updated Nov. 17, 2024, 10:40 p.m.
Headline Sliver Malware with BYOVD Being Distributed via Sunlogin Vulnerability Exploitation
Title Sliver Malware with BYOVD Being Distributed via Sunlogin Vulnerability Exploitation - ASEC BLOG
Detected Hints/Tags/Attributes 30/2/45
Source URLs
RSS Feed
Attributes
Details Type #Events CTI Value
Details China National Vulnerability Database CNVD 8
CNVD-2022-10270
Details China National Vulnerability Database CNVD 8
CNVD-2022-03672
Details Domain 2
idc6.yjzj.org
Details File 5
sunloginclient.exe
Details File 2
syse.bat
Details File 9
t.zip
Details File 2
t_64.zip
Details File 3
watch.exe
Details File 4
splwow32.exe
Details File 2
winsyscorer.bin
Details File 9
2.ps1
Details File 2
ujacldfajlvjfaslflcevdfuaelfiua.exe
Details File 14
mhyprot2.sys
Details File 2126
cmd.exe
Details File 10
powercat.ps1
Details File 2
acl.exe
Details File 9
text.config
Details File 153
config.json
Details File 2
acl2.exe
Details File 42
7za.exe
Details Url 2
http://5.199.173.103/syse.bat
Details Url 2
http://5.199.173.103/t.zip
Details Url 2
http://5.199.173.103/t_64.zip
Details Url 2
http://5.199.173.103/7za.exe
Details Url 2
http://61.155.8.2:81/c6/include/images/help23.sct
Details Url 2
http://45.144.3.216/2.ps1
Details Url 2
http://45.144.3.216/powercat.ps1
Details Url 2
http://43.128.62.42/acl.exe