국내 학술대회 시즌을 노린 한글문서(HWP) 악성코드 유포 중 - ASEC BLOG
Tags
| country: | Pakistan |
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 |
Common Information
| Type | Value |
|---|---|
| UUID | 99c2f488-893f-46da-ad88-9fa5e4e7e000 |
| Fingerprint | 1efc1ffbcf217c33 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | June 4, 2020, midnight |
| Added to db | Jan. 30, 2023, 4:32 p.m. |
| Last updated | Dec. 26, 2024, 9:05 a.m. |
| Headline | 국내 학술대회 시즌을 노린 한글문서(HWP) 악성코드 유포 중 |
| Title | 국내 학술대회 시즌을 노린 한글문서(HWP) 악성코드 유포 중 - ASEC BLOG |
| Detected Hints/Tags/Attributes | 12/2/17 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/1329 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 202 | asec.ahnlab.com |
|
| Details | Domain | 5 | resulview.com |
|
| Details | File | 11 | no1.bat |
|
| Details | File | 10 | vbs.txt |
|
| Details | File | 10 | no1.txt |
|
| Details | File | 24 | start.vbs |
|
| Details | File | 106 | upload.php |
|
| Details | File | 9 | temprun.bat |
|
| Details | File | 4 | pakistan.txt |
|
| Details | File | 13 | %computername%.txt |
|
| Details | File | 4 | mdp.exe |
|
| Details | Url | 2 | https://asec.ahnlab.com/1325 |
|
| Details | Url | 2 | http://resulview.com/5hado/no1.txt |
|
| Details | Url | 4 | http://resulview.com/5hado/vbs.txt |
|
| Details | Url | 2 | http://resulview.com/5hadr/upload.php |
|
| Details | Url | 2 | http://resulview.com/5hado/%computername%.txt |
|
| Details | Windows Registry Key | 15 | HKCUSoftwareMicrosoftWindowsCurrentVersionRun |