Warning Against Distribution of Malware Impersonating a Public Organization (LNK) - ASEC BLOG
Tags
| country: | China Japan |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Server - T1583.004 Server - T1584.004 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | ea5b5a20-c58f-42bd-bd6f-ada787024c52 |
| Fingerprint | 60a59f194ddcca6a |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 15, 2023, 7:42 a.m. |
| Added to db | Nov. 19, 2023, 9:20 p.m. |
| Last updated | Nov. 8, 2024, 3:41 a.m. |
| Headline | Warning Against Distribution of Malware Impersonating a Public Organization (LNK) |
| Title | Warning Against Distribution of Malware Impersonating a Public Organization (LNK) - ASEC BLOG |
| Detected Hints/Tags/Attributes | 42/3/24 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/en/59042/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 17 | ✔ | ASEC | https://asec.ahnlab.com/en/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 42 | co.kr |
|
| Details | Domain | 3 | ek.com |
|
| Details | File | 64 | list.php |
|
| Details | File | 5 | r_enc.bin |
|
| Details | File | 2 | %temp%\client.ps1 |
|
| Details | File | 2 | version103.vbs |
|
| Details | File | 3 | client.ps1 |
|
| Details | File | 29 | show.php |
|
| Details | md5 | 4 | b70bc31b537caf411f97a991d8292c5a |
|
| Details | md5 | 4 | 64dee04b6e6404c14d10971adf35c3a7 |
|
| Details | md5 | 4 | eb614c99614c3365bdc926a73ef7a492 |
|
| Details | md5 | 4 | fb5aec165279015f17b29f9f2c730976 |
|
| Details | md5 | 3 | de7cd0de5372e7801dab5aafd9c19148 |
|
| Details | md5 | 3 | d00aa4b1a3cd9373d49c023580711170 |
|
| Details | md5 | 3 | 209ac4185dfc1e4d72c035ecb7f98eac |
|
| Details | md5 | 2 | 5E5A87D0034E80E6B86A64387779DC2E |
|
| Details | md5 | 3 | 40b7c3bced2975d70359a07c4f110f18 |
|
| Details | md5 | 3 | 0040aa9762c2534ac44d9a6ae7024d15 |
|
| Details | IPv4 | 5 | 165.154.230.24 |
|
| Details | Url | 2 | http://iso****.co.kr/adm/img/up/down0/list.php?query=1 |
|
| Details | Url | 2 | http://m****.com/pg/adm/tdr/upi/down0/r_enc.bin |
|
| Details | Url | 2 | http://ky****ek.com/js/sub/aos/dull/down1/r_enc.bin |
|
| Details | Url | 2 | http://ky****ek.com/js/sub/aos/dull/down1/list.php?query=1 |
|
| Details | Url | 1 | http://ky****ek.com/js/sub/aos/dull/down1/show.php |