APT37 위협 배후의 사이버 정찰 활동 분석
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | db36c97b-da4b-4259-b6f7-5788c60ff96c |
| Fingerprint | 72e71f50d741dbb8 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 6, 2024, 7:47 a.m. |
| Added to db | Nov. 6, 2024, 4:31 p.m. |
| Last updated | Nov. 17, 2024, 5:54 p.m. |
| Headline | APT37 위협 배후의 사이버 정찰 활동 분석 |
| Title | APT37 위협 배후의 사이버 정찰 활동 분석 |
| Detected Hints/Tags/Attributes | 16/1/50 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 29 | cve-2022-41128 |
|
| Details | Domain | 3 | navarar.com |
|
| Details | Domain | 1174 | gmail.com |
|
| Details | Domain | 3 | filedownloadserve.com |
|
| Details | Domain | 3 | kakaofilestorage.com |
|
| Details | 2 | tanessha.samuel@gmail.com |
||
| Details | 2 | tianling0315@gmail.com |
||
| Details | 3 | w.sarah0808@gmail.com |
||
| Details | 4 | softpower21cs@gmail.com |
||
| Details | 3 | sandozmessi@gmail.com |
||
| Details | File | 2 | '북한동향.docx |
|
| Details | File | 2 | 'panic.dat |
|
| Details | File | 2 | 'viewer.dat |
|
| Details | File | 2 | 'price.bat |
|
| Details | File | 2 | 'find.bat |
|
| Details | File | 2 | 'para.dat |
|
| Details | File | 2 | 'search.dat |
|
| Details | File | 3 | 'public.dat |
|
| Details | File | 2 | 'docu1.dat |
|
| Details | File | 37 | 'cmd.exe |
|
| Details | File | 2 | '북한사이버테러강의자료.pptx |
|
| Details | File | 2 | 북한사이버테레강의자료.pptx |
|
| Details | File | 2 | 북한동향.docx |
|
| Details | File | 2 | 북한사이버테러강의자료.pptx |
|
| Details | File | 2 | '한일납치문제세미나자자료.pdf |
|
| Details | File | 2 | 한일납치문제세미나자자료.pdf |
|
| Details | File | 2 | '북한동향.zip |
|
| Details | md5 | 3 | 5f6682ad9da4590cba106e2f1a8cbe26 |
|
| Details | md5 | 3 | 7a66738cca9f86f4133415eedcbf8e88 |
|
| Details | md5 | 3 | 105ecd9f6585df4e1fe267c2809ee190 |
|
| Details | md5 | 3 | 852544f01172b8bae14ec3e4d0b35115 |
|
| Details | md5 | 3 | 358122718ba11b3e8bb56340dbe94f51 |
|
| Details | md5 | 3 | acf4085b2fa977fc1350f0ddc2710502 |
|
| Details | md5 | 3 | b85a6b1eb7418aa5da108bc0df824fc0 |
|
| Details | md5 | 3 | e4ddd5cc8b5f4d791f27d676d809f668 |
|
| Details | IPv4 | 3 | 61.97.243.2 |
|
| Details | IPv4 | 3 | 158.247.249.129 |
|
| Details | IPv4 | 3 | 108.181.50.58 |
|
| Details | IPv4 | 3 | 158.247.219.10 |
|
| Details | IPv4 | 3 | 141.164.60.110 |
|
| Details | IPv4 | 3 | 141.164.62.19 |
|
| Details | IPv4 | 2 | 108.181.52.169 |
|
| Details | IPv4 | 2 | 108.181.52.229 |
|
| Details | IPv4 | 2 | 108.181.52.231 |
|
| Details | IPv4 | 2 | 108.181.52.234 |
|
| Details | IPv4 | 2 | 108.181.52.235 |
|
| Details | IPv4 | 2 | 108.181.52.236 |
|
| Details | IPv4 | 3 | 223.104.236.114 |
|
| Details | IPv4 | 3 | 175.214.194.61 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |