Malware disguised as a financial transaction confirmation, made by the North Korean hacking group Kimsuky - confirmation.chm (2024.12.10)
Common Information
Type Value
UUID e02bc433-feb4-4bc2-a673-632ff3b384fe
Fingerprint 7fc6bde71621ca13
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 20, 2024, midnight
Added to db Dec. 21, 2024, 3:55 a.m.
Last updated Dec. 24, 2024, midnight
Headline 꿈을꾸는 파랑새
Title Malware disguised as a financial transaction confirmation, made by the North Korean hacking group Kimsuky - confirmation.chm (2024.12.10)
Detected Hints/Tags/Attributes 24/2/28
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 478 꿈을꾸는 파랑새 https://wezard4u.tistory.com/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 9
cve-2024-44175
Details CVE 9
cve-2024-55884
Details Domain 2
heur.bzc.ong
Details File 4
악성코드-confirmation.chm
Details File 3
confirmation.chm
Details File 1
openci.vbs
Details File 3
back.png
Details File 1
0385768.bat
Details File 1
8485823.bat
Details File 1
5674932.bat
Details File 1
7572639.bat
Details File 1
3847683.bat
Details File 1
2837492.bat
Details File 1
mpression.zip
Details File 3
downloader.chm
Details File 22
trojan.html
Details File 51
trojan.bat
Details File 9
_4.bat
Details md5 1
08b4bcee92417560d61c5f29649cdfad
Details sha1 1
38032503b59125fb464e1b7aaa449d33caaafc29
Details sha256 1
e6bcdb402999f6f35351c0b9a1be84345aea88c3f662ba27341d7857aeb8cc39
Details Microsoft Patch Numbers 17
KB5048652
Details Microsoft Patch Numbers 18
KB5048667
Details Microsoft Patch Numbers 17
KB5048685
Details Threat Actor Identifier - APT 322
APT37
Details Url 1
https://nasweir(.0com
Details Windows Registry Key 1
HKCU\SOFTW
Details Windows Registry Key 123
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run