Targeted attacks on major industry sectors in south korea 20171201 ch…
Common Information
Type Value
UUID 760e59b1-5d84-4d73-b7ab-f7c6748b3ab7
Fingerprint 9c6e84bdcdace589
Analysis status DONE
Considered CTI value 1
Text language
Published Dec. 10, 2017, midnight
Added to db Jan. 30, 2023, 4:33 p.m.
Last updated Nov. 17, 2024, 11:36 p.m.
Headline Targeted attacks on major industry sectors in south korea 20171201 cha minseok_avar 2017 beijing_full version
Title Targeted attacks on major industry sectors in south korea 20171201 ch…
Detected Hints/Tags/Attributes 104/3/100
Attributes