우리 민족의 해킹단체 북한 김수키(Kimsuky) 만든 파워셀 악성코드-pow.ps1(2024.9.23)
Tags
| attack-pattern: | Data Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | cf3f61b4-8f0c-438e-9a93-9784f631bbfc |
| Fingerprint | 4eb143a9bb1a14b1 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 1, 2024, midnight |
| Added to db | Sept. 30, 2024, 5:44 p.m. |
| Last updated | Dec. 21, 2024, 3:22 a.m. |
| Headline | 꿈을꾸는 파랑새 |
| Title | 우리 민족의 해킹단체 북한 김수키(Kimsuky) 만든 파워셀 악성코드-pow.ps1(2024.9.23) |
| Detected Hints/Tags/Attributes | 19/1/11 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | http://wezard4u.tistory.com/429289 |
| Details | Source | https://wezard4u.tistory.com/429289 |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 478 | ✔ | 꿈을꾸는 파랑새 | https://wezard4u.tistory.com/feed | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | fstream.seek |
|
| Details | Domain | 7 | method.name |
|
| Details | Domain | 3 | method.in |
|
| Details | Domain | 1 | thread.sl |
|
| Details | File | 9 | 악성코드-pow.ps1 |
|
| Details | File | 8 | pow.ps1 |
|
| Details | File | 7 | ttmp.log |
|
| Details | md5 | 4 | c8d589ac5c872b12e502ec1fc2fee0c7 |
|
| Details | sha1 | 1 | 8dd3ff59320a5908f60755232b766c740715d998 |
|
| Details | sha256 | 1 | 751698edee5ec4c46fddaa995f120984dfd551e1f68fc2d0fea7bfe1a8868c83 |
|
| Details | Microsoft Patch Numbers | 14 | KB5043131 |