Malicious HWP Files with BAT Scripts Being Distributed Actively (North Korea/National Defense/Broadcasting) - ASEC BLOG
Tags
country: North Korea
attack-pattern: Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Powershell - T1086
Show in Graph
Common Information
Type Value
UUID f3217fc8-37b3-4495-a5ec-f153b9204ea9
Fingerprint 8eb1d37a8eae064b
Analysis status DONE
Considered CTI value 2
Text language
Published June 17, 2022, 4:16 p.m.
Added to db Sept. 11, 2022, 4:59 p.m.
Last updated Nov. 18, 2024, 1:24 p.m.
Headline Malicious HWP Files with BAT Scripts Being Distributed Actively (North Korea/National Defense/Broadcasting)
Title Malicious HWP Files with BAT Scripts Being Distributed Actively (North Korea/National Defense/Broadcasting) - ASEC BLOG
Detected Hints/Tags/Attributes 31/2/22
Source URLs
Redirection Url
Details Source https://asec.ahnlab.com/en/35405/
URL Provider
Details Provider Source level domain
Details ahnlab.com asec.ahnlab.com
Attributes
Details Type #Events CTI Value
Details Domain 190 
asec.ahnlab.com
Details Domain 2 
ap8.name
Details File 1212 
powershell.exe
Details File 291 
user32.dll
Details File 16 
help.exe
Details File 748 
kernel32.dll
Details File 2 
t32.bat
Details File 3 
c:\windows\syswow64\help.exe
Details md5 2 
882546e8fc2dc2fd580170afda20e396
Details md5 2 
1d413a7c62b48760838bed0d03a35b05
Details md5 2 
393f78e609af5e77da5ea9ba10facbfb
Details md5 2 
e223711e31431250946203c27372cd3a
Details md5 2 
9aac95c3d76319fe3df9fed53fb06507
Details md5 2 
7442a74c7351b8ab0bb49b778530a95e
Details md5 2 
404e2fe1fbca70603cb91932664bc112
Details md5 2 
87c1f6ab7933bce7969f593e3c6096c2
Details md5 2 
b5b0ffecc4b30e7f140b517333c6a2d2
Details md5 2 
546ae7bd8b88289a21ac8d7dc62a3bd7
Details md5 2 
390a2439581b8c04adace93fed2e4425
Details md5 2 
7dea7277f672ad85fdf344c467f739eb
Details md5 2 
667dbfdc01cc6e808b2485c7eed74e97
Details Url 1 
https://asec.ahnlab.com/en/32456