탈륨 조직, 코로나19 관련 소상공인 지원 종합안내로 위장한 HWP 공격
Tags
| attack-pattern: | Dll Side-Loading - T1574.002 Xsl Script Processing - T1220 Dll Side-Loading - T1073 |
Common Information
| Type | Value |
|---|---|
| UUID | d2fe9052-fdd9-4732-8233-5044c79a9041 |
| Fingerprint | 57d76f2b7fb5e806 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Feb. 17, 2021, 12:40 a.m. |
| Added to db | Jan. 30, 2023, 4:34 p.m. |
| Last updated | Sept. 10, 2024, 1:07 a.m. |
| Headline | |
| Title | 탈륨 조직, 코로나19 관련 소상공인 지원 종합안내로 위장한 HWP 공격 |
| Detected Hints/Tags/Attributes | 13/1/16 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.alyac.co.kr/3586 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | smtper.co |
|
| Details | Domain | 69 | trojan.android |
|
| Details | 1 | u@b.smtper.co |
||
| Details | File | 1 | 'bin0001.png |
|
| Details | File | 1 | 'bin0002.png |
|
| Details | File | 1 | 'apisecurity.bat |
|
| Details | File | 1 | 'apisecurity.key |
|
| Details | File | 1 | 'apisecurity.vbs |
|
| Details | File | 1 | apisecurity.bat |
|
| Details | File | 1 | apisecurity.key |
|
| Details | File | 1 | apisecurity.vbs |
|
| Details | File | 1 | 'xmllite.dll |
|
| Details | File | 2 | 'taskkill.exe |
|
| Details | File | 2 | 'hwp.exe |
|
| Details | File | 2 | 'onedrive.exe |
|
| Details | Url | 1 | ftp://u:u@b.smtper.co/beta/usoprive |