Hakuna Matata Ransomware Targeting Korean Companies - ASEC BLOG
Common Information
Type Value
UUID e5ff4340-7002-4497-bd4c-fb07edc698f0
Fingerprint 25349a1906469656
Analysis status DONE
Considered CTI value 0
Text language
Published Aug. 16, 2023, 8:02 a.m.
Added to db Oct. 24, 2023, 1:15 p.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline Hakuna Matata Ransomware Targeting Korean Companies
Title Hakuna Matata Ransomware Targeting Korean Companies - ASEC BLOG
Detected Hints/Tags/Attributes 84/1/32
Source URLs
Attributes
Type #Events CTI Value
Domain 23
techmail.info
Domain 74
proton.me
Email 2
keylan@techmail.info
Email 2
gerb666@proton.me
File 2
rch.exe
File 2
ver7.exe
File 5
bulletspassview64.exe
File 3
dialupass.exe
File 7
mailpv.exe
File 5
mspass.exe
File 6
netpass64.exe
File 2
netrouteview.exe
File 5
rdpv.exe
File 5
routerpassview.exe
File 5
vncpassview.exe
File 10
webbrowserpassview.exe
File 5
wirelesskeyview64.exe
File 56
processhacker.exe
File 2
-id-readme.txt
File 351
recycle.bin
File 101
iconcache.db
File 243
autorun.inf
File 143
thumbs.db
File 120
boot.ini
File 90
bootfont.bin
File 66
ntuser.ini
File 196
desktop.ini
File 193
ntuser.dat
File 2
%localappdata%\rundll32.exe
File 131
tar.gz
File 19
tar.xz
md5 2
1a5dd79047766bd09c27f0336dd22142