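Malware made by North Korean APT Reaper, impersonating a North Korean defector and presumed to target the Korea Institute of Maritime and Fisheries Technology: 정보접근권.lnk (2024.11.1)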
Common Information
Type Value
UUID ec6b87be-922f-4b12-9a88-cf17bb1a137d
Fingerprint 4bd78dda0f107e74
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 4, 2024, 12:09 a.m.
Added to db Nov. 4, 2024, 9:59 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline 꿈을꾸는 파랑새
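Title Malware made by North Korean APT Reaper, impersonating a North Korean defector and presumed to target the Korea Institute of Maritime and Fisheries Technology: 정보접근권.lnk (2024.11.1)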
Detected Hints/Tags/Attributes 25/2/29
Source URLs
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 478 꿈을꾸는 파랑새 https://wezard4u.tistory.com/feed 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 20
cve-2024-44068
Details Domain 228
system.io
Details Domain 2
ile.seek
Details Domain 2
lnkfile.re
Details Domain 3
lnkfile.seek
Details Domain 2
system.io.se
Details Domain 2
nkfile.read
Details Domain 3
lnkfile.read
Details Domain 2
lnkfile.cl
Details Domain 2
net.se
Details Domain 12
trojan.link
Details File 8
'.pdf
Details File 2
caption.dat
Details File 2
'+'elephant.dat
Details File 3
rshell.exe
Details File 2
elephant.dat
Details File 7
pdf.pdf
Details File 2
sophia.json
Details File 2
extracted_shark.bat
Details File 1208
powershell.exe
Details File 748
kernel32.dll
Details File 8
붙임.chm
Details File 9
악성코드-pnx01.apk
Details md5 2
89c0d2cc1e71b17449eec454161d60da
Details sha1 2
e9528f09f1e58ffc308893087f4a8b77aa1d544d
Details sha256 2
707e8cb56f32209ca837f2853801256cd3490ed2cc4b3428dc5e4238848f226d
Details IPv6 6
::c
Details Threat Actor Identifier - APT 277
APT37
Details Url 2
https://api.pcloud