Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack - ASEC BLOG
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Installutil - T1218.004 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 Tool - T1588.002 Installutil - T1118 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID afadafae-3e87-44c8-8d2c-ad5b4266ea5a
Fingerprint a7acaf7fa8658e81
Analysis status DONE
Considered CTI value 2
Text language
Published Jan. 13, 2023, 9:52 a.m.
Added to db Jan. 13, 2023, 3:12 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack
Title Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack - ASEC BLOG
Detected Hints/Tags/Attributes 62/2/69
Source URLs
Redirection Url
Details Source https://asec.ahnlab.com/en/45462/
URL Provider
Details Provider Source level domain
Details ahnlab.com asec.ahnlab.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 17 ASEC https://asec.ahnlab.com/en/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 8 
xmr.2miners.com
Details Domain 145 
api.telegram.org
Details Domain 1 
minecraftrpgserver.com
Details Domain 112 
docs.google.com
Details File 54 
install.exe
Details File 11 
x86.exe
Details File 40 
7z.exe
Details File 20 
7z.dll
Details File 1 
c:\programdata\kb5019959.exe
Details File 105 
googleupdate.exe
Details File 1 
kb5019959.exe
Details File 10 
software_reporter_tool.exe
Details File 1260 
explorer.exe
Details File 117 
taskmgr.exe
Details File 56 
processhacker.exe
Details File 18 
perfmon.exe
Details File 64 
procexp.exe
Details File 40 
procexp64.exe
Details File 5 
msiafterburner.exe
Details File 4 
tslgame.exe
Details File 1 
tslgame_se.exe
Details File 3 
gta5.exe
Details File 1 
fifa4zf.exe
Details File 1 
left4dead2.exe
Details File 1 
fifa21.exe
Details File 1 
fifa22.exe
Details File 1 
fifa23.exe
Details File 1 
legends.exe
Details File 1 
lostark.exe
Details File 2 
valorant.exe
Details File 4 
overwatch.exe
Details File 1 
suddenattack.exe
Details File 44 
javaw.exe
Details File 1 
sc2.exe
Details File 1 
sc2_x64.exe
Details File 2 
dnf.exe
Details File 1 
tekkengame-win64-shipping.exe
Details File 1 
v3lite_setup.exe
Details File 7 
monitor.exe
Details File 8 
openssl.exe
Details File 1 
natsvc.exe
Details File 1 
smmgr.exe
Details File 1 
v_service.exe
Details File 1 
v_member.exe
Details File 55 
dwm.exe
Details File 83 
installutil.exe
Details md5 1 
516a2bde694b31735c52e013d65de48d
Details md5 1 
6a1fc56b4ce8a62f1ebe25bf7bbe2dbd
Details md5 1 
74bdc2a8d48a6a4833aac4832e38c3b9
Details md5 1 
ccf2d6c69a4e016cd19fa4ee7bc341ec
Details md5 1 
7303e2f671f86909527d8514e1f1f171
Details md5 1 
9c11f58ed5e7b2806042bc9029a5cca8
Details md5 1 
d3c271624e23c125b77dd774ffa4af5d
Details md5 1 
bd1301fb0bd0f7d2e75f090894423be0
Details Microsoft Patch Numbers 1 
KB5019959
Details Url 3 
https://api.telegram.org/bot5538205016
Details Url 1 
https://docs.google.com/uc?export=download&id=1gwm1tfpqtxungxvh0vlktkat5hilyboj
Details Url 1 
https://docs.google.com/uc?export=download&id=1fgv6vuzzx3xkerflxdpkqhoo8qyl9r4z
Details Url 1 
https://docs.google.com/uc?export=download&id=1t3kp_ah5
Details Url 1 
https://docs.google.com/uc?export=download&id=1n75cxe7da3gn7dw2em4x0w1rb9xjr7mx
Details Url 1 
https://docs.google.com/uc?export=download&id=1qz1trnhid7cjzsjdnn0r7nsjalbhw4sn
Details Url 1 
https://docs.google.com/uc?export=download&id=1tggyguucp2mc31uktaorledoiqbvyaro
Details Url 1 
https://docs.google.com/uc?export=download&id=1kncuuyemyvhfp2rypg
Details Url 1 
https://docs.google.com/uc?export=download&id=1vgemufjdfkxl
Details Url 1 
https://docs.google.com/uc?export=download&id=1l4cygnmqxj
Details Url 1 
https://docs.google.com/uc?export=download&id=1bpnnn92vxiogewl
Details Url 1 
https://docs.google.com/uc?export=download&id=1dkej9fnfdsssj0qnhpqun1u
Details Url 1 
https://docs.google.com/uc?export=download&id=1
Details Url 1 
https://docs.google.com/uc?export=download&id=11oxcljflmbuxzaycz3mbtiqnctbmox0b