뉴스 설문지로 위장하여 유포 중인 악성 워드 문서 - ASEC BLOG
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Powershell - T1059.001 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID c64a743c-5daa-4a51-abc4-ab50a77b8deb
Fingerprint 5abbf843ec3f37ba
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 16, 2022, 11:19 a.m.
Added to db June 1, 2023, 10:59 a.m.
Last updated Oct. 16, 2024, 2:47 a.m.
Headline 뉴스 설문지로 위장하여 유포 중인 악성 워드 문서
Title 뉴스 설문지로 위장하여 유포 중인 악성 워드 문서 - ASEC BLOG
Detected Hints/Tags/Attributes 12/2/18
Source URLs
Redirection Url
Details Source https://asec.ahnlab.com/ko/42163/
URL Provider
Details Provider Source level domain
Details ahnlab.com asec.ahnlab.com
Attributes
Details Type #Events CTI Value
Details Domain 1 
okihs.mypressonline.com
Details Domain 1 
jojoa.mypressonline.com
Details File 1 
defender.log
Details File 1 
defenderupdate.bat
Details File 3 
bb.txt
Details File 7 
ng.txt
Details File 59 
post.php
Details File 1 
%appdata%\masterkey.txt
Details File 1 
masterkey.txt
Details File 1 
kmas.txt
Details File 1 
%appdata%\microsoft\windows\powershell\psreadline\consolehost_history.txt
Details md5 1 
59be2b9a3e33057b3d80574764ab0952
Details md5 1 
89d972f89b336ee07733c72f6f89edc5
Details md5 1 
8785b8e882eef125dc527736bb1c5704
Details Url 1 
http://okihs.mypressonline.com/bb/bb.txt
Details Url 1 
http://okihs.mypressonline.com/bb/bb.txt에는
Details Url 1 
http://okihs.mypressonline.com/bb/post.php로
Details Url 1 
http://okihs.mypressonline.com/bb/bb.down에서