Kimsuky APT Group Reuses Past Lazarus doc Attack Method
Tags
Common Information
Type Value
UUID 89ac58a1-5a54-4010-8e71-760c1ce651c6
Fingerprint 542ef3746d9beffb
Analysis status DONE
Considered CTI value 0
Text language
Published June 11, 2020, 1:46 p.m.
Added to db Jan. 30, 2023, 4:32 p.m.
Last updated Oct. 25, 2024, 8:28 p.m.
Headline
Title Kimsuky APT Group Reuses Past Lazarus doc Attack Method
Detected Hints/Tags/Attributes 9/0/9
Source URLs
Attributes
Details Type #Events CTI Value
Details Domain 3
wave.posadadesantiago.com
Details Domain 1
thisdocument.name
Details Domain 1
application.documents.open
Details Domain 4
estsecurity.com
Details Email 4
esrc@estsecurity.com
Details File 1
'winload.exe
Details File 18
winload.exe
Details File 4
application.doc
Details Pdb 1
d:\spy\cspy\online_setup\release\online_setup.pdb