Attack group targeting domestic (Korean) companies using FRP (Fast Reverse Proxy) - ASEC BLOG
Common Information
Type Value
UUID 7d6207e3-5271-4129-a0f8-9c513535ef34
Fingerprint b4e24100da2db042
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 16, 2022, 8:32 p.m.
Added to db Jan. 16, 2023, 3:56 p.m.
Last updated Nov. 17, 2024, 7:44 p.m.
Headline Attack group targeting domestic (Korean) companies using FRP (Fast Reverse Proxy)
Title Attack group targeting domestic (Korean) companies using FRP (Fast Reverse Proxy) - ASEC BLOG
Detected Hints/Tags/Attributes 25/1/101
Source URLs
Attributes
Details | Type | #Events | CTI Value
Details | CVE | 19 | cve-2018-8440
Details | CVE | 8 | cve-2019-1405
Details | CVE | 6 | cve-2019-1322
Details | CVE | 65 | cve-2021-1675
Details | CVE | 45 | cve-2021-1732
Details | CVE | 15 | cve-2021-36934
Details | CVE | 19 | cve-2021-40449
Details | CVE | 19 | cve-2022-21882
Details | CVE | 11 | cve-2022-21999
Details | Domain | 4127 | github.com
Details | Domain | 13 | info.zip
Details | Domain | 22 | update.zip
Details | Domain | 42 | co.kr
Details | File | 128 | w3wp.exe
Details | File | 119 | sqlservr.exe
Details | File | 2 | frps.ini
Details | File | 7 | frpc.ini
Details | File | 5 | frps.exe
Details | File | 15 | frpc.exe
Details | File | 2 | %allusersprofile%\update.exe
Details | File | 2 | %allusersprofile%\info.zip
Details | File | 2 | %allusersprofile%\f.zip
Details | File | 2 | %allusersprofile%\t.zip
Details | File | 2 | %allusersprofile%\frpc.exe
Details | File | 2 | %systemdrive%\perflogs\update.exe
Details | File | 2 | %systemdrive%\temp\update.exe
Details | File | 2 | %systemdrive%\temp\info.zip
Details | File | 2 | %systemroot%\temp\frpc.exe
Details | File | 175 | update.exe
Details | File | 24 | update.zip
Details | File | 13 | info.exe
Details | File | 13 | info.zip
Details | File | 3 | f.zip
Details | File | 5 | htran.exe
Details | File | 14 | c.txt
Details | File | 2 | %systemdrive%\webdriver\chrome\c.txt
Details | File | 4 | c:\windows\system32\bitlockerwizardelev.exe
Details | File | 8 | asp.asp
Details | File | 4 | juicypotato.c4
Details | File | 4 | sweetpotato.c4
Details | File | 27 | agent.c4
Details | File | 2 | cve-2022-21999.c4
Details | File | 31 | generic.c4
Details | File | 4 | exploit.c4
Details | File | 4 | frp.c4
Details | Github username | 3 | alpha1ab
Details | Github username | 3 | apt69
Details | Github username | 2 | evilashz
Details | Github username | 3 | kalendsi
Details | Github username | 6 | gossithedog
Details | Github username | 5 | ly4k
Details | Github username | 2 | sailay1996
Details | IPv4 | 1441 | 127.0.0.1
Details | IPv4 | 2 | 192.168.204.131
Details | Threat Actor Identifier - APT | 3 | APT69
Details | Url | 2 | https://github.com/alpha1ab/win2016lpe
Details | Url | 3 | https://github.com/apt69/comahawk
Details | Url | 2 | https://github.com/evilashz/cve-2021-1675-lpe-exp
Details | Url | 2 | https://github.com/kalendsi/cve-2021-1732-exploit
Details | Url | 3 | https://github.com/gossithedog/hivenightmare
Details | Url | 2 | https://github.com/ly4k/callbackhell
Details | Url | 2 | https://github.com/sailay1996/cve-2022-21882-poc
Details | Url | 2 | https://github.com/ly4k/spoolfool
Details | Url | 2 | http://www.ive***.co.kr/uploadfile/ufaceimage/1/info.zip
Details | Url | 4 | http://www.ive***.co.kr/uploadfile/ufaceimage/1/update.zip
Details | Url | 2 | http://www.ive***.co.kr/uploadfile/ufaceimage/1/f.zip