APT Attack Impersonating a 2024 Webinar Invitation Detected
Tags
attack-pattern | Malware - T1587.001, Malware - T1588.001, Powershell - T1059.001, Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | 7a9d3a60-be19-437d-8c29-b4350a3d8dbc |
Fingerprint | c95433de69285364 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Jan. 16, 2024, midnight |
Added to db | Aug. 31, 2024, 11:04 a.m. |
Last updated | Dec. 23, 2024, 11:18 a.m. |
Headline | APT Attack Impersonating a 2024 Webinar Invitation Detected |
Title | APT Attack Impersonating a 2024 Webinar Invitation Detected |
Detected Hints/Tags/Attributes | 20/1/30 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://www.genians.co.kr/blog/threat_intelligence/webinar-apt |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 446 | ✔ | Threat Analysis Reports - genians | https://www.genians.co.kr/blog/threat_intelligence/rss.xml | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 11 | | forms.gle |
Details | Domain | 251 | | system.io |
Details | Domain | 4 | | lnkfile.seek |
Details | Domain | 4 | | lnkfile.read |
Details | Domain | 1 | | hybrid.zip |
Details | Domain | 1293 | | gmail.com |
Details | | 1 | | nanhaii815@gmail.com |
Details | File | 1 | | 안내장.zip |
Details | File | 2335 | | cmd.exe |
Details | File | 5 | | rshell.exe |
Details | File | 8 | | 'user32.dll |
Details | File | 39 | | 'cmd.exe |
Details | File | 9 | | |
Details | File | 1 | | '+'public.dat |
Details | File | 1 | | '+'241223.bat |
Details | File | 3 | | 'public.dat |
Details | File | 1 | | '241223.bat |
Details | File | 136 | | msedge.exe |
Details | File | 1355 | | powershell.exe |
Details | File | 1 | | c:\users\public\public.dat |
Details | File | 1 | | 'hybrid.zip |
Details | File | 1 | | 'my32.jpg |
Details | File | 1 | | 'other32.jpg |
Details | File | 2 | | '360tray.exe |
Details | File | 36 | | 360tray.exe |
Details | md5 | 1 | | 485AF6EA63BBEC8AE02F8A6184CAE96F |
Details | md5 | 1 | | 300FB8E4294E902EFE736E42EA262266 |
Details | md5 | 1 | | 2304183C6738E42BA89FC29F881B0684 |
Details | md5 | 1 | | 4825FC554F9565AD356501293363C901 |
Details | Threat Actor Identifier - APT | 322 | | APT37 |