다양한 원격 제어 도구들을 악용하는 공격자들 - ASEC BLOG
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Vnc - T1021.005 Tool - T1588.002 |
Common Information
| Type | Value |
|---|---|
| UUID | b2004138-9173-42bc-a1fd-ed30ea55e0a3 |
| Fingerprint | b0ff2194631b9a0a |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Oct. 11, 2022, 9:47 a.m. |
| Added to db | Jan. 16, 2023, 3:53 p.m. |
| Last updated | Sept. 5, 2024, 12:53 a.m. |
| Headline | 다양한 원격 제어 도구들을 악용하는 공격자들 |
| Title | 다양한 원격 제어 도구들을 악용하는 공격자들 - ASEC BLOG |
| Detected Hints/Tags/Attributes | 43/1/20 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/39761/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 25 | mdp.download |
|
| Details | Domain | 3 | bbq.zzhreceive.top |
|
| Details | File | 6 | vncdll.dll |
|
| Details | File | 8 | tvnserver.exe |
|
| Details | File | 7 | tvnviewer.exe |
|
| Details | File | 3 | rd.exe |
|
| Details | File | 2 | todesk.rar |
|
| Details | File | 2 | mscorsvw2.exe |
|
| Details | md5 | 2 | fe1bb6811f5c808414c4a357031c2718 |
|
| Details | md5 | 2 | 1aeb95215a633400d90ad8cbca9bc300 |
|
| Details | IPv4 | 2 | 106.250.168.50 |
|
| Details | IPv4 | 3 | 183.111.148.147 |
|
| Details | IPv4 | 2 | 119.201.213.146 |
|
| Details | IPv4 | 3 | 58.180.56.28 |
|
| Details | Url | 2 | http://106.250.168.50/rd.exe |
|
| Details | Url | 2 | http://106.250.168.50/todesk.rar |
|
| Details | Url | 2 | http://183.111.148.147/mscorsvw2.exe |
|
| Details | Url | 2 | http://119.201.213.146/mscorsvw2.exe |
|
| Details | Url | 2 | http://58.180.56.28/mscorsvw2.exe |
|
| Details | Url | 3 | http://bbq.zzhreceive.top/tmate |