Analysis of Attack Cases: From Korean VPN Installations to MeshAgent Infections - ASEC BLOG
Common Information
Type Value
UUID d0b8156f-0e25-40eb-80e1-7a44c34bc58d
Fingerprint 24243e7f8d7bce00
Analysis status DONE
Considered CTI value 2
Text language
Published May 26, 2023, 9 a.m.
Added to db June 5, 2023, 10:10 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Analysis of Attack Cases: From Korean VPN Installations to MeshAgent Infections
Title Analysis of Attack Cases: From Korean VPN Installations to MeshAgent Infections - ASEC BLOG
Detected Hints/Tags/Attributes 51/2/18
Source URLs
RSS Feed
Attributes