Operation Red Signature Targets South Korean Companies
Common Information
Type Value
UUID d6c72619-c4a2-4510-b29b-42dd47f009b7
Fingerprint a530a9db88860ec4
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 21, 2018, midnight
Added to db Oct. 15, 2024, 5:21 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Operation Red Signature Targets South Korean Companies
Title Operation Red Signature Targets South Korean Companies
Detected Hints/Tags/Attributes 60/2/42
Attributes
Details Type #Events CTI Value
Details CVE 38
cve-2017-7269
Details Domain 22
update.zip
Details Domain 2
file000.zip
Details Domain 2
file001.zip
Details File 24
update.zip
Details File 2
update.ini
Details File 2
file000.zip
Details File 2
file001.zip
Details File 3
rcview40u.dll
Details File 3
rcview.log
Details File 459
regsvr32.exe
Details File 6
dsget.exe
Details File 9
dsquery.exe
Details File 16
sharphound.exe
Details File 4
aio.exe
Details File 8
ssms.exe
Details File 2
printdat.dll
Details File 14
w.exe
Details File 6
web.exe
Details File 5
smb.exe
Details File 21
m.exe