New Andariel Reconnaissance Tactics Uncovered
Tags
country: South Korea
maec-delivery-vectors: Watering Hole
attack-pattern: Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Vulnerabilities - T1588.006
Show in Graph
Common Information
Type Value
UUID bd038882-c860-4bf4-97c9-0f988845d74d
Fingerprint ced59d928cc593ce
Analysis status DONE
Considered CTI value 2
Text language
Published July 16, 2018, midnight
Added to db Oct. 15, 2024, 5:21 p.m.
Last updated Oct. 15, 2024, 10:11 p.m.
Headline New Andariel Reconnaissance Tactics Uncovered
Title New Andariel Reconnaissance Tactics Uncovered
Detected Hints/Tags/Attributes 41/3/15
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_ca/research/18/g/new-andariel-reconnaissance-tactics-hint-at-next-targets.html
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
aega.co.kr
Details Domain 1 
www.peaceind.co.kr
Details Domain 1 
alphap1.com
Details Domain 1 
adfamc.com
Details File 1 
wsactivebridge.exe
Details File 4 
skin.php
Details File 31 
image.php
Details sha256 1 
cfcd391eec9fca663afd9a4a152e62af665e8f695a16537e061e924a3b63c3b9
Details sha256 1 
e0e30eb5e5ff1e71548c4405d04ce16b94c4cb7f8c2ed9bd75933cea53533114
Details sha256 1 
67a1312768c4ca3379181c0fcc1143460efcb4bff7a4774c9c775043964c0878
Details Url 1 
http://aega.co.kr/mall/skin/skin.php
Details Url 1 
http://www.peaceind.co.kr/board/icon/image.php
Details Url 1 
http://alphap1.com/hdd/images/image.php
Details Url 1 
http://adfamc.com/editor/sorak/image.php
Details Url 1 
http://adfamc.[com/editor/sorak/skin.php