기업 홍보물 제작을 위장한 악성 LNK 유포 - ASEC BLOG
Tags
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Powershell - T1059.001 Software - T1592.002 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | f4f5c639-0afe-4ccf-bf0e-9f8ce93dbdd4 |
| Fingerprint | c80b8f4ec13e7b37 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 10, 2023, 4:15 p.m. |
| Added to db | Nov. 19, 2023, 9:21 p.m. |
| Last updated | Nov. 12, 2024, 3:53 p.m. |
| Headline | 기업 홍보물 제작을 위장한 악성 LNK 유포 |
| Title | 기업 홍보물 제작을 위장한 악성 LNK 유포 - ASEC BLOG |
| Detected Hints/Tags/Attributes | 15/2/40 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/58915/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 18 | ✔ | ASEC | https://asec.ahnlab.com/ko/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | file.lgclouds001.com |
|
| Details | Domain | 2 | ge.com |
|
| Details | Domain | 2 | file.ssdrive001.com |
|
| Details | Domain | 2 | qdlgna.cab |
|
| Details | Domain | 2 | accwebcloud.com |
|
| Details | File | 2 | 제작.zip |
|
| Details | File | 1 | _작성양식.docx |
|
| Details | File | 2 | %public%\qdlgna.cab |
|
| Details | File | 22 | start.vbs |
|
| Details | File | 2 | 66022014.bat |
|
| Details | File | 2 | 07915735.bat |
|
| Details | File | 2 | 73505966.bat |
|
| Details | File | 64 | list.php |
|
| Details | File | 13 | %computername%.txt |
|
| Details | File | 9 | temprun.bat |
|
| Details | File | 67 | get.php |
|
| Details | File | 61 | 1.bat |
|
| Details | File | 2 | 05210957.bat |
|
| Details | File | 97 | upload.php |
|
| Details | File | 2 | 88730413.bat |
|
| Details | File | 1 | 작성양식.docx |
|
| Details | File | 2 | 98543203.bat |
|
| Details | md5 | 2 | a95bd06ea44ca87c6ace0ad00fccdebb |
|
| Details | md5 | 2 | df243512be8f0eafd7ba7ad77f05e8f3 |
|
| Details | md5 | 2 | a6e811d205a9189ea0f82ac33a307cec |
|
| Details | md5 | 2 | 79b0289faf6f82118f2e8cdfa3f6be53 |
|
| Details | md5 | 2 | f8ebdb67fa4e7ba5f2723f6de6c389c8 |
|
| Details | md5 | 2 | 49caa5d4cbb8655ec8f349f0d4238344 |
|
| Details | md5 | 2 | feb594bbb8c0c853ab3c23049f374441 |
|
| Details | md5 | 2 | 51dbeea3d0d003115365a01481c9115b |
|
| Details | Url | 1 | https://file.lgclouds001.com/read/?ra=****.**@w*******ge.com |
|
| Details | Url | 1 | https://file.ssdrive001.com/read/?ra=*****.***@w*******ge.com |
|
| Details | Url | 2 | http://accwebcloud.com/list.php?f=%computername%.txt |
|
| Details | Url | 1 | https://file.lgclouds001.com/read/get.php?ra={string}&r={key} |
|
| Details | Url | 2 | http://accwebcloud.com/upload.php |
|
| Details | Url | 2 | https://file.ssdrive001.com/read |
|
| Details | Url | 2 | https://file.lgclouds001.com/read |
|
| Details | Url | 2 | https://file.lgclouds001.com/read/get.php |
|
| Details | Url | 2 | http://accwebcloud.com/list.php |
|
| Details | Windows Registry Key | 188 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |