ioc[.]one - OSINT Cyber Threat Intelligence Database

Bumblebee Being Distributed in Korea Through Email Hijacking - ASEC BLOG

Tags

maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Malware - T1587.001 Malware - T1588.001 Phishing - T1660 Phishing - T1566 Rundll32 - T1218.011 Rundll32 - T1085

Show in Graph

Common Information

Type	Value
UUID	bbcfe33a-871b-4a7b-952a-4d14a1718f32
Fingerprint	8cc7191929feeeaf
Analysis status	DONE
Considered CTI value	2
Text language
Published	June 21, 2022, 12:59 p.m.
Added to db	Sept. 11, 2022, 4:59 p.m.
Last updated	Nov. 17, 2024, 6:54 p.m.
Headline	Bumblebee Being Distributed in Korea Through Email Hijacking
Title	Bumblebee Being Distributed in Korea Through Email Hijacking - ASEC BLOG
Detected Hints/Tags/Attributes	29/2/28

Source URLs

	Redirection	Url
Details	Source	https://asec.ahnlab.com/en/35460/

URL Provider

Details	Provider	Source level domain
Details	ahnlab.com	asec.ahnlab.com

Attributes

Details	Type	#Events	Value
Details	File	1018	rundll32.exe
Details	File	11	%windir%\system32\rundll32.exe
Details	File	1	neval.dll
Details	File	22	%windir%\system32\cmd.exe
Details	File	1	requestpdf.bat
Details	File	1	da4nos.dll
Details	File	12	wab.exe
Details	File	14	imagingdevices.exe
Details	File	7	wabmig.exe
Details	md5	1	11999cdb140965db45055c0bbf32c6ec
Details	md5	1	b7936d2eed4af4758d2c5eac760baf1d
Details	md5	1	e50fff61c27e6144823dd872bf8f8762
Details	md5	1	2c9a4291387fd1472081c9c464a8a470
Details	md5	1	bfa053445bc5d2950aebaeb881aa8fb4
Details	IPv4	1	73.214.29.52
Details	IPv4	1	78.112.52.91
Details	IPv4	1	21.175.22.99
Details	IPv4	1	107.90.225.1
Details	IPv4	1	212.114.52.46
Details	IPv4	1	101.88.16.100
Details	IPv4	1	19.71.13.153
Details	IPv4	1	108.16.90.159
Details	IPv4	1	103.175.16.122
Details	IPv4	1	121.15.221.97
Details	IPv4	1	22.175.0.90
Details	IPv4	1	146.19.253.49
Details	IPv4	1	38.12.57.131
Details	IPv4	1	191.26.101.13