“How will the Russia-Ukraine conflict affect the situation on the Korean Peninsula?” Analysis of recent targeted attack activity by the APT group Kimsuky – NSFOCUS Technology Blog (绿盟科技技术博客)
Tags
Common Information
Type Value
UUID be7617a4-2ab4-4f52-b7fb-a8a5259c72e4
Fingerprint c3e2ee8ff0c07037
Analysis status DONE
Considered CTI value 0
Text language
Published May 5, 2022, 5:12 p.m.
Added to db Jan. 30, 2023, 4:32 p.m.
Last updated Nov. 16, 2024, 12:12 p.m.
Headline “How will the Russia-Ukraine conflict affect the situation on the Korean Peninsula?” Analysis of recent targeted attack activity by the APT group Kimsuky
Title “How will the Russia-Ukraine conflict affect the situation on the Korean Peninsula?” Analysis of recent targeted attack activity by the APT group Kimsuky – NSFOCUS Technology Blog (绿盟科技技术博客)
Detected Hints/Tags/Attributes 8/0/65
Source URLs
Attributes