疑似Group123(APT37)针对中韩外贸人士的攻击活动分析
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 |
Common Information
| Type | Value |
|---|---|
| UUID | e10272ae-1024-4178-949d-1408fd23dba9 |
| Fingerprint | a839eb3f177937ca |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Aug. 8, 2019, midnight |
| Added to db | Jan. 30, 2023, 4:35 p.m. |
| Last updated | Nov. 17, 2024, 6:55 p.m. |
| Headline | 疑似Group123(APT37)针对中韩外贸人士的攻击活动分析 |
| Title | 疑似Group123(APT37)针对中韩外贸人士的攻击活动分析 |
| Detected Hints/Tags/Attributes | 13/1/33 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://mp.weixin.qq.com/s/Wnb-r7SWbGGN-XuQ8fW_jw |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | artmuseums.or.kr |
|
| Details | Domain | 1 | casaabadia.es |
|
| Details | Domain | 3 | www.chateau-eu.fr |
|
| Details | Domain | 1 | fjtlephare.fr |
|
| Details | File | 1 | 使用的诱饵名字包括제안서.rar |
|
| Details | File | 1 | bn-190820.rar |
|
| Details | File | 1 | delivery.rar |
|
| Details | File | 36 | 1.jpg |
|
| Details | File | 1 | c:\users\administrator\appdata\roaming\microsoft\windows\svchost.exe |
|
| Details | File | 1 | 首先读取同目录下的aconfig.ini |
|
| Details | File | 3 | gallery.jpg |
|
| Details | File | 1 | evasive-malware-campaign-abuses-free-cloud-service-targets-korean-speakers.html |
|
| Details | File | 816 | index.html |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 1 | delivery.doc |
|
| Details | File | 1 | bn-190820.doc |
|
| Details | File | 1 | 2019-08-08.doc |
|
| Details | File | 3 | guerrero-saade-raiu-vb2017.pdf |
|
| Details | md5 | 1 | 6f29df571ac82cfc99912fdcca3c7b4c |
|
| Details | md5 | 1 | 3cc51847c2b7b20138ad041300d7d722 |
|
| Details | md5 | 1 | e26c81c569f6407404a726d48aa4d886 |
|
| Details | md5 | 1 | ce4614fcf12ef25bcfc47cf68e3d008d |
|
| Details | md5 | 1 | 94fd9ed97f1bc418a528380b1d0a59c3 |
|
| Details | md5 | 1 | b23a707a8e34d86d5c4902760990e6b1 |
|
| Details | md5 | 1 | 51da0042fe2466747e6e6bc7ff6012b2 |
|
| Details | Threat Actor Identifier - APT | 277 | APT37 |
|
| Details | Url | 1 | http://artmuseums.or.kr/swfupload/fla/1.jpg文件到 |
|
| Details | Url | 1 | https://www.fortinet.com/blog/threat-research/evasive-malware-campaign-abuses-free-cloud-service-targets-korean-speakers.html |
|
| Details | Url | 4 | https://s.tencent.com/product/gjwxjc/index.html |
|
| Details | Url | 1 | http://artmuseums.or.kr/swfupload/fla/1.jpg |
|
| Details | Url | 1 | http://fjtlephare.fr/wp-content/uploads/2018/05/null |
|
| Details | Url | 1 | http://casaabadia.es |
|
| Details | Url | 1 | https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/07170728/guerrero-saade-raiu-vb2017.pdf |