Malware Disguised as Job Offer Letter - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 Rundll32 - T1218.011 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | b5c6bd25-399f-4825-a3d7-d5431ccd149f |
| Fingerprint | a407fc12cd2701ef |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 11, 2021, 11:28 a.m. |
| Added to db | Sept. 11, 2022, 4:59 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | Malware Disguised as Job Offer Letter |
| Title | Malware Disguised as Job Offer Letter - ASEC BLOG |
| Detected Hints/Tags/Attributes | 25/2/12 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/26060/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | donattelli.com |
|
| Details | File | 66 | settings.xml |
|
| Details | File | 226 | certutil.exe |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 37 | 1.dll |
|
| Details | File | 1 | rad6fecc.tmp |
|
| Details | File | 1 | kpot.c4 |
|
| Details | md5 | 1 | dc3f839b6f2a8c1833d9ae4e4f8dc4c6 |
|
| Details | md5 | 1 | 23a471d956410bc80dc0cabc006252f6 |
|
| Details | md5 | 1 | 1ea7d46d94299fa8bad4043c13100df0 |
|
| Details | Url | 1 | https://donattelli.com/test/ssi/1.dll |
|
| Details | Url | 1 | https://donattelli.com |