오퍼레이션 이블플레인(Operation EvilPlane) : 국내 이용자의 개인정보가 담긴 파일을 이용한 APT 공격
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Template Injection - T1221 Trap - T1546.005 Trap - T1154 |
Common Information
| Type | Value |
|---|---|
| UUID | d719a5bb-64e8-4c6f-a60d-27bc782351d3 |
| Fingerprint | e236613dadb5c693 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Dec. 7, 2022, 1:41 p.m. |
| Added to db | Jan. 16, 2023, 3:50 p.m. |
| Last updated | Oct. 16, 2024, 2:12 a.m. |
| Headline | |
| Title | 오퍼레이션 이블플레인(Operation EvilPlane) : 국내 이용자의 개인정보가 담긴 파일을 이용한 APT 공격 |
| Detected Hints/Tags/Attributes | 11/2/10 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://blog.alyac.co.kr/5009 |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | k22012.c1.biz |
|
| Details | Domain | 1 | 5645780.c1.biz |
|
| Details | Domain | 3 | 4895750.c1.biz |
|
| Details | File | 2 | paypal.dot |
|
| Details | File | 14 | check.bat |
|
| Details | File | 10 | 64.dll |
|
| Details | File | 1 | trap.bat |
|
| Details | File | 1 | rdssvc.dll |
|
| Details | File | 1 | rdssvc.dat |
|
| Details | File | 14 | downloader.doc |