윈도우 도움말 파일(*.chm) 로 유포 중인 AsyncRAT - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Mshta - T1218.005 Powershell - T1059.001 Mshta - T1170 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 8f019b62-0902-47bc-b76d-e52924f55657 |
| Fingerprint | 7f7f4f80f38026a3 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 1, 2023, 11:35 a.m. |
| Added to db | Feb. 1, 2023, 9:46 a.m. |
| Last updated | Dec. 20, 2024, 6:20 a.m. |
| Headline | 윈도우 도움말 파일(*.chm) 로 유포 중인 AsyncRAT |
| Title | 윈도우 도움말 파일(*.chm) 로 유포 중인 AsyncRAT - ASEC BLOG |
| Detected Hints/Tags/Attributes | 16/2/29 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/46923/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 18 | ✔ | ASEC | https://asec.ahnlab.com/ko/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | 2023foco.com.br |
|
| Details | Domain | 307 | microsoft.net |
|
| Details | File | 2 | vvvvv.txt |
|
| Details | File | 2 | c:\programdata\v.vbs |
|
| Details | File | 3 | v.vbs |
|
| Details | File | 131 | regasm.exe |
|
| Details | File | 2 | dcreverso.txt |
|
| Details | File | 38 | 2.txt |
|
| Details | File | 37 | powershell_ise.exe |
|
| Details | File | 2 | printa.txt |
|
| Details | File | 3 | runpe.jpg |
|
| Details | File | 273 | iexplore.exe |
|
| Details | File | 11 | rl_generic.c4 |
|
| Details | File | 27 | agent.c4 |
|
| Details | md5 | 2 | ea64cc5749f48f610074636426fdfb4c |
|
| Details | md5 | 2 | b810d06b6ead297da6d145fca80c80b2 |
|
| Details | md5 | 2 | ac64e8e7eb01755cc363167dd7653d53 |
|
| Details | md5 | 2 | 824584841251baa953b21feb5f516bed |
|
| Details | md5 | 2 | 407b0b88187916dc2e38c8d796c10804 |
|
| Details | md5 | 2 | d5dcb2348a9c414dbd980d7e3df63fe8 |
|
| Details | md5 | 2 | c45f6c4e3222c4308c80c945fb3ac4dc |
|
| Details | IPv4 | 2 | 51.79.116.37 |
|
| Details | Url | 2 | https://2023foco.com.br/plmckv.hta |
|
| Details | Url | 2 | http://2023foco.com.br/vvvvv.txt |
|
| Details | Url | 2 | https://2023foco.com.br/serverhta.hta |
|
| Details | Url | 2 | https://2023foco.com.br/dcreverso.txt |
|
| Details | Url | 2 | https://2023foco.com.br/2.txt |
|
| Details | Url | 2 | https://2023foco.com.br/printa.txt |
|
| Details | Url | 2 | https://2023foco.com.br/runpe.jpg |