북한 APT 김수키(Kimsuky)에서 만든 악성코드-system_first.ps1(2024.11.27)
Tags
attack-pattern: | Powershell - T1059.001 Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | bd5f9fa3-c43d-4bc5-af47-118aebb40752 |
Fingerprint | db629f4bb8e97571 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Dec. 6, 2024, midnight |
Added to db | Dec. 5, 2024, 4:24 p.m. |
Last updated | Dec. 24, 2024, 3:59 a.m. |
Headline | 꿈을꾸는 파랑새 |
Title | 북한 APT 김수키(Kimsuky)에서 만든 악성코드-system_first.ps1(2024.11.27) |
Detected Hints/Tags/Attributes | 16/1/12 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | http://wezard4u.tistory.com/429349 |
Details | Source | https://wezard4u.tistory.com/429349 |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 478 | ✔ | 꿈을꾸는 파랑새 | https://wezard4u.tistory.com/feed | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 1 | kimsuky.ar |
|
Details | File | 14 | 악성코드-system_first.ps1 |
|
Details | File | 4 | pay.bat |
|
Details | File | 6 | system_first.ps1 |
|
Details | File | 14 | 악성코드-pay.bat |
|
Details | File | 12 | generic.dic |
|
Details | File | 3 | s.inf |
|
Details | File | 13 | apt-telegram.txt |
|
Details | md5 | 1 | e598db51ddee48b7c351b68aebf76ebf |
|
Details | sha1 | 1 | 60cdedb45513069a5d67310529966681bd0b4663 |
|
Details | sha256 | 1 | ed55bb081d0e4dfeefd7af35dbb0a0481be192d3d0759631c951f7d6d5737749 |
|
Details | Microsoft Patch Numbers | 16 | KB5046740 |