북한 해킹단체 김수키(Kimsuky)에서 만든 금융거래확인서로 위장한 악성코드-confirmation.chm(2024.12.10)
Tags
maec-delivery-vectors: | Watering Hole |
attack-pattern: | Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Software - T1592.002 Powershell - T1086 |
Common Information
Type | Value |
---|---|
UUID | e02bc433-feb4-4bc2-a673-632ff3b384fe |
Fingerprint | 7fc6bde71621ca13 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | Dec. 20, 2024, midnight |
Added to db | Dec. 21, 2024, 3:55 a.m. |
Last updated | Dec. 24, 2024, midnight |
Headline | 꿈을꾸는 파랑새 |
Title | 북한 해킹단체 김수키(Kimsuky)에서 만든 금융거래확인서로 위장한 악성코드-confirmation.chm(2024.12.10) |
Detected Hints/Tags/Attributes | 24/2/28 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | http://wezard4u.tistory.com/429360 |
Details | Source | https://wezard4u.tistory.com/429360 |
URL Provider
RSS Feed
Details | Id | Enabled | Feed title | Url | Added to db |
---|---|---|---|---|---|
Details | 478 | ✔ | 꿈을꾸는 파랑새 | https://wezard4u.tistory.com/feed | 2024-08-30 22:08 |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | CVE | 9 | cve-2024-44175 |
|
Details | CVE | 9 | cve-2024-55884 |
|
Details | Domain | 2 | heur.bzc.ong |
|
Details | File | 4 | 악성코드-confirmation.chm |
|
Details | File | 3 | confirmation.chm |
|
Details | File | 1 | openci.vbs |
|
Details | File | 3 | back.png |
|
Details | File | 1 | 0385768.bat |
|
Details | File | 1 | 8485823.bat |
|
Details | File | 1 | 5674932.bat |
|
Details | File | 1 | 7572639.bat |
|
Details | File | 1 | 3847683.bat |
|
Details | File | 1 | 2837492.bat |
|
Details | File | 1 | mpression.zip |
|
Details | File | 3 | downloader.chm |
|
Details | File | 22 | trojan.html |
|
Details | File | 51 | trojan.bat |
|
Details | File | 9 | _4.bat |
|
Details | md5 | 1 | 08b4bcee92417560d61c5f29649cdfad |
|
Details | sha1 | 1 | 38032503b59125fb464e1b7aaa449d33caaafc29 |
|
Details | sha256 | 1 | e6bcdb402999f6f35351c0b9a1be84345aea88c3f662ba27341d7857aeb8cc39 |
|
Details | Microsoft Patch Numbers | 17 | KB5048652 |
|
Details | Microsoft Patch Numbers | 18 | KB5048667 |
|
Details | Microsoft Patch Numbers | 17 | KB5048685 |
|
Details | Threat Actor Identifier - APT | 322 | APT37 |
|
Details | Url | 1 | https://nasweir(.0com |
|
Details | Windows Registry Key | 1 | HKCU\SOFTW |
|
Details | Windows Registry Key | 123 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |