Malicious Hangul Documents with US Presidential Election Content Being Distributed - ASEC BLOG
Common Information
Type Value
UUID a0db7860-370c-4eb6-ad1e-d0929a8b5e46
Fingerprint 1dcc6122b3c23d9f
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 4, 2020, midnight
Added to db Jan. 30, 2023, 4:34 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
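Headline Malicious Hangul Documents with US Presidential Election Content Being Distributed
Title Malicious Hangul Documents with US Presidential Election Content Being Distributed - ASEC BLOG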
Detected Hints/Tags/Attributes 20/1/22
Source URLs
Attributes
Details Type #Events CTI Value
Details Domain 372
wscript.shell
Details Domain 3
xeoskin.co.kr
Details Domain 6
post0.open
Details Domain 11
ws.run
Details File 2
hancom.config
Details File 2
uration.vbs
Details File 1
appdatalocaltemphancom.config
Details File 1
amazon.xml
Details File 6
cross.php
Details File 24
report.php
Details File 5
version.xml
Details File 456
mshta.exe
Details md5 1
3fb0cfe3cc84fc9bb54c894e05ebbb92
Details md5 1
a9f167786c21b8f539013bcc786292ff
Details Url 2
http://xeoskin.co.kr/wp/wp-includes/simplepie/net/cross.php?op=1
Details Url 1
http://xeoskin.co.kr/wp/wp-includes/simplepie/net/cross.php?op=1에
Details Url 1
http://xeoskin.co.kr/wp/wp-includes/simplepie/net/report.php
Details Url 2
http://xeoskin.co.kr/wp/wp-includes/simplepie/net/suf.hta
Details Url 2
http://xeoskin.co.kr/wp/wp-includes/simplepie/net
Details Url 1
http://xeoskin.co.kr/wp/wp-includes/simplepie/net/cross.php?op=1에서
Details Url 2
http://xeoskin.co.kr/wp/wp-includes/simplepie/net/cross.php?op=3
Details Windows Registry Key 18
HKCU\Software\Microsoft\Office