PebbleDash와 RDP Wrapper를 악용한 Kimsuky 그룹의 최신 공격 사례 분석 - ASEC
Tags
attack-pattern: Mshta - T1218.005 Regsvr32 - T1218.010 Connection Proxy - T1090 Mshta - T1170 Regsvr32 - T1117
Show in Graph
Common Information
Type Value
UUID f2dd7f9c-c679-4fa0-ae7e-01e99ba89f61
Fingerprint 187e108237bb4aa8
Analysis status DONE
Considered CTI value 0
Text language
Published Oct. 23, 2024, 3 p.m.
Added to db Oct. 24, 2024, 10 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline PebbleDash와 RDP Wrapper를 악용한 Kimsuky 그룹의 최신 공격 사례 분석
Title PebbleDash와 RDP Wrapper를 악용한 Kimsuky 그룹의 최신 공격 사례 분석 - ASEC
Detected Hints/Tags/Attributes 12/1/6
Source URLs
Redirection Url
Details Source https://asec.ahnlab.com/ko/84066/
URL Provider
Details Provider Source level domain
Details ahnlab.com asec.ahnlab.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 18 ASEC https://asec.ahnlab.com/ko/feed/ 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details File 1 
문의사항.docx
Details File 1 
20241015_56801.docx
Details File 2 
cso_20240524.xlsx
Details File 4 
rdpwrap.dll
Details File 459 
regsvr32.exe
Details File 478 
lsass.exe