세금계산서로 가장하여 유포되는 Remcos RAT 악성코드 - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | a19983cb-c4e3-4909-b638-f63637f6a7ad |
| Fingerprint | 4bded53c9215fc6f |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 28, 2022, 3:44 p.m. |
| Added to db | Sept. 26, 2022, 9:33 a.m. |
| Last updated | Nov. 18, 2024, 1:24 p.m. |
| Headline | 세금계산서로 가장하여 유포되는 Remcos RAT 악성코드 |
| Title | 세금계산서로 가장하여 유포되는 Remcos RAT 악성코드 - ASEC BLOG |
| Detected Hints/Tags/Attributes | 12/2/25 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/32101/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | tax.com |
|
| Details | Domain | 2 | zhost.polycomusa.com |
|
| Details | Domain | 2 | giraffebear.polycomusa.com |
|
| Details | File | 2 | tax.gz |
|
| Details | File | 2 | chrimaz.exe |
|
| Details | File | 2 | 3xp1r3exp.ps1 |
|
| Details | File | 89 | version.dll |
|
| Details | File | 20 | sysprep.exe |
|
| Details | File | 9 | cliconfg.exe |
|
| Details | File | 4 | appinfo.dll |
|
| Details | File | 18 | winsat.exe |
|
| Details | File | 2 | c:\programdata\chrimaz\chrimaz.exe |
|
| Details | File | 1212 | powershell.exe |
|
| Details | File | 20 | win.msi |
|
| Details | File | 2 | bitmin.c4 |
|
| Details | File | 2 | uacbypass.c4 |
|
| Details | md5 | 2 | 1df2bf9313decafd0249d6a4556010bc |
|
| Details | md5 | 2 | 98cf9ab79e33c04a4934628f6aa3161d |
|
| Details | md5 | 2 | 9cdcaa1c51bfa4ce6d6abb9376ba26a8 |
|
| Details | md5 | 2 | a0f177bfd53ee82d20233bd362fdf024 |
|
| Details | md5 | 2 | 150744df32e4a57bb169f91cba45697c |
|
| Details | md5 | 2 | 824a79fc5bebeb7b508247619eca82cd |
|
| Details | Url | 2 | http://zhost.polycomusa.com/chrimaz.exe |
|
| Details | Url | 2 | http://zhost.polycomusa.com |
|
| Details | Url | 2 | http://giraffebear.polycomusa.com |