APT Attacks Using Malicious Word File of a Particular Thesis - ASEC BLOG
Common Information
Type Value
UUID ec5919a5-f2ae-4e76-99ba-1bcbfe9f05e9
Fingerprint d444d34709741827
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 25, 2021, 1:22 p.m.
Added to db Sept. 11, 2022, 4:59 p.m.
Last updated Nov. 14, 2024, 2:04 p.m.
Headline APT Attacks Using Malicious Word File of a Particular Thesis
Title APT Attacks Using Malicious Word File of a Particular Thesis - ASEC BLOG
Detected Hints/Tags/Attributes 23/3/22
Source URLs
Attributes
Type    #Events  Value
Domain  372      wscript.shell
Domain  4        winhttpreq.open
Domain  2        n4028chu.mywebcommunity.org
Domain  4        0knw2300.mypressonline.com
Domain  2        hanjutour.atwebpages.com
Domain  2        n4028chu.atwebpages.com
Domain  2        23000knw.mypressonline.com
File    1        theories.doc
File    10       form.doc
File    9        template.doc
File    1        relations.dot
File    2        theories.pdf
File    3        p.ini
File    3        excelapp.exe
File    29       d.php
File    9        %appdata%\desktop.ini
md5     2        5eb09dd7aafdd5af5a8396497f99e0e7
Url     2        http://n4028chu.mywebcommunity.org/d.php
Url     4        http://0knw2300.mypressonline.com/d.php
Url     2        http://hanjutour.atwebpages.com/d.php
Url     2        http://n4028chu.atwebpages.com/d.php
Url     2        http://23000knw.mypressonline.com/d.php