Sliver C2 Being Distributed Through Korean Program Development Company - ASEC BLOG
Tags
| country: | China |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Vnc - T1021.005 Tool - T1588.002 Vulnerabilities - T1588.006 |
Common Information
| Type | Value |
|---|---|
| UUID | a8019106-03c7-4da1-b7c5-aa0cd4a38e94 |
| Fingerprint | 812c387f8dff0ce1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 1, 2023, 9 a.m. |
| Added to db | Oct. 24, 2023, 1:16 p.m. |
| Last updated | Nov. 15, 2024, 9:30 p.m. |
| Headline | Sliver C2 Being Distributed Through Korean Program Development Company |
| Title | Sliver C2 Being Distributed Through Korean Program Development Company - ASEC BLOG |
| Detected Hints/Tags/Attributes | 52/3/53 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/55652/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 17 | ✔ | ASEC | https://asec.ahnlab.com/en/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | status.devq.workers.dev |
|
| Details | Domain | 3 | op.gg |
|
| Details | Domain | 3 | config.v6.army |
|
| Details | Domain | 3 | panda.sect.kr |
|
| Details | Domain | 3 | speed.ableoil.net |
|
| Details | File | 380 | notepad.exe |
|
| Details | File | 35 | discord.exe |
|
| Details | File | 2 | nexonplug.exe |
|
| Details | File | 3 | gg.exe |
|
| Details | File | 8 | qq.exe |
|
| Details | File | 3 | line.exe |
|
| Details | File | 2 | qqguild.exe |
|
| Details | File | 6 | qqprotect.exe |
|
| Details | File | 2 | trafficpro.exe |
|
| Details | File | 3 | wechatappex.exe |
|
| Details | File | 2 | wechatplayer.exe |
|
| Details | File | 39 | anydesk.exe |
|
| Details | File | 4 | kakaotalk.exe |
|
| Details | File | 2 | ldplayer.exe |
|
| Details | File | 2 | logibolt.exe |
|
| Details | File | 5 | obs64.exe |
|
| Details | File | 87 | skype.exe |
|
| Details | File | 15 | telegram.exe |
|
| Details | File | 5 | wechat.exe |
|
| Details | File | 5 | whale.exe |
|
| Details | File | 3 | %programfiles%\microsofts\microsofts\premicrosoft.exe |
|
| Details | File | 21 | m.exe |
|
| Details | File | 156 | 1.exe |
|
| Details | File | 38 | 7.exe |
|
| Details | File | 25 | 4.exe |
|
| Details | File | 4 | 4_230710.exe |
|
| Details | File | 108 | 0.exe |
|
| Details | File | 4 | premicrosoft.exe |
|
| Details | File | 18 | microsoft.exe |
|
| Details | File | 4 | registrys.exe |
|
| Details | md5 | 6 | e84750393483bbb32a46ca5a6a9d253c |
|
| Details | md5 | 6 | eefbc5ec539282ad47af52c81979edb3 |
|
| Details | md5 | 6 | 10298c1ddae73915eb904312d2c6007d |
|
| Details | md5 | 6 | b4481eef767661e9c9524d94d808dcb6 |
|
| Details | md5 | 6 | 70257b502f6db70e0c75f03e750dca64 |
|
| Details | md5 | 6 | 1906bf1a2c96e49bd8eba29cf430435f |
|
| Details | md5 | 6 | 499f0d42d5e7e121d9a751b3aac2e3f8 |
|
| Details | md5 | 6 | b66f351c35212c7a265272d27aa09656 |
|
| Details | md5 | 6 | ea20d797c0046441c8f8e76be665e882 |
|
| Details | md5 | 6 | 73f83322fce3ef38b816bef8fa28d37b |
|
| Details | md5 | 6 | 5eb6821057c28fd53b277bc7c6a17465 |
|
| Details | md5 | 6 | 95dac8965620e69e51a1dbdf7ebbf53a |
|
| Details | md5 | 6 | 23f72ee555afcd235c0c8639f282f3c6 |
|
| Details | md5 | 6 | 27a24461bd082ec60596abbad23e59f2 |
|
| Details | IPv4 | 4 | 1.0.4.4 |
|
| Details | Url | 3 | https://status.devq.workers.dev |
|
| Details | Url | 3 | https://config.v6.army/sans.woff2 |
|
| Details | Url | 3 | https://panda.sect.kr |