한글문서(HWP) 내부 플래쉬 취약점 이용한 새로운 공격 - ASEC BLOG
Tags
| attack-pattern: | Data Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Software - T1592.002 Visual Basic - T1059.005 |
Common Information
| Type | Value |
|---|---|
| UUID | d154a411-9e24-424a-8ef2-29466e3999e9 |
| Fingerprint | 7dbfd1bc40553de5 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 25, 2020, 6:24 p.m. |
| Added to db | Jan. 30, 2023, 4:34 p.m. |
| Last updated | Nov. 18, 2024, 1:24 p.m. |
| Headline | 한글문서(HWP) 내부 플래쉬 취약점 이용한 새로운 공격 |
| Title | 한글문서(HWP) 내부 플래쉬 취약점 이용한 새로운 공격 - ASEC BLOG |
| Detected Hints/Tags/Attributes | 22/1/27 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/16383/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 59 | cve-2018-15982 |
|
| Details | Domain | 190 | asec.ahnlab.com |
|
| Details | Domain | 3 | www.sjem.co.kr |
|
| Details | Domain | 2 | haeundaejugong.com |
|
| Details | Domain | 2 | kumdo.org |
|
| Details | File | 73 | view.php |
|
| Details | File | 15 | hwp.exe |
|
| Details | File | 15 | download.aspx |
|
| Details | File | 2130 | cmd.exe |
|
| Details | File | 1 | hncupdate.exe |
|
| Details | File | 6 | do.php |
|
| Details | File | 1 | _조현_desktop.zip |
|
| Details | File | 1 | %userprofile%\appdata\roaming\chinotto.dat |
|
| Details | File | 7 | akdoor.c4 |
|
| Details | md5 | 3 | 65993d1cb0d1d7ce218fb267ee36f7c1 |
|
| Details | md5 | 2 | 55afe67b0cd4a01f3a9a6621c26b1a49 |
|
| Details | Pdb | 1 | d:\vsworkspace\chinotto\release\chinotto.pdb |
|
| Details | Url | 1 | https://asec.ahnlab.com/ko/1354 |
|
| Details | Url | 1 | https://asec.ahnlab.com/ko/1400 |
|
| Details | Url | 3 | http://www.sjem.co.kr/admin/data/category/notice_en/view.php |
|
| Details | Url | 1 | https://onedrive.live.com/download.aspx?cid=94428d8c32faece9&authkey=!amb33hdkdtxdlue&resid=94428d8c32faece9!420&ithint=.dat |
|
| Details | Url | 1 | http://haeundaejugong.com/editor/chinotto/do.php?frag=******-********_6.2(9200)_조현_desktop.zip |
|
| Details | Url | 1 | http://haeundaejugong.com/editor/chinotto/do.php?id=******-********_6.2 |
|
| Details | Url | 1 | http://kumdo.org/admin/cont/do.php?id=*******_vj01_6.1(7600)_arzxjw&type=command&direction=receive.ction |
|
| Details | Url | 2 | http://haeundaejugong.com/editor/chinotto/do.php |
|
| Details | Url | 2 | http://kumdo.org/admin/cont/do.php |
|
| Details | Windows Registry Key | 112 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |