RTF Malware Disguised as a Cover Letter for a Particular Airline - ASEC BLOG
Tags
| attack-pattern: | Data Malware - T1587.001 Malware - T1588.001 |
Common Information
| Type | Value |
|---|---|
| UUID | c3004c89-9525-4e32-9b2b-55b78e41dae2 |
| Fingerprint | b6402b47cfa712c1 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Oct. 25, 2021, 1:26 p.m. |
| Added to db | Sept. 11, 2022, 4:59 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | RTF Malware Disguised as a Cover Letter for a Particular Airline |
| Title | RTF Malware Disguised as a Cover Letter for a Particular Airline - ASEC BLOG |
| Detected Hints/Tags/Attributes | 20/1/11 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/27861/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 375 | cve-2017-11882 |
|
| Details | Domain | 4 | gozdeelektronik.net |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | File | 1 | letter_.rtf |
|
| Details | File | 57 | eqnedt32.exe |
|
| Details | File | 4 | movie.png |
|
| Details | File | 4 | movie.jpg |
|
| Details | md5 | 2 | dd8bb1686f16924ac797620092776022 |
|
| Details | Url | 4 | https://gozdeelektronik.net/wp-content/themes/0111/movie.png |
|
| Details | Url | 4 | https://gozdeelektronik.net/wp-content/themes/0111/movie.jpg |
|
| Details | Url | 2 | https://twitter.com/souiten/status/1446725907637358597 |