NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea
Tags
cmtmf-attack-pattern: Process Injection
country: North Korea South Korea
maec-delivery-vectors: Watering Hole
attack-pattern: Data Credentials - T1589.001 Domains - T1583.001 Domains - T1584.001 Keylogging - T1056.001 Keylogging - T1417.001 Malware - T1587.001 Malware - T1588.001 Network Security Appliances - T1590.006 Process Injection - T1631 Process Injection - T1055 Scripting - T1064 Scripting
Show in Graph
Common Information
Type Value
UUID f622f635-e1eb-4979-9b62-8dad05fe739e
Fingerprint 2dee197305a54fcd
Analysis status DONE
Considered CTI value 2
Text language
Published May 31, 2018, 7 p.m.
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 18, 2024, 1:38 a.m.
Headline Vulnerability Information
Title NavRAT Uses US-North Korea Summit As Decoy For Attacks In South Korea
Detected Hints/Tags/Attributes 68/4/15
Source URLs
Redirection Url
Details Source https://blog.talosintelligence.com/2018/05/navrat.html
Details Source https://blog.talosintelligence.com/2018/05/navrat.html?m=1
URL Provider
Details Provider Source level domain
Details talosintelligence.com blog.talosintelligence.com
Attributes
Details Type #Events CTI Value
Details Domain 2 
artndesign2.cafe24.com
Details Domain 25 
daum.net
Details Domain 1 
mailacounts.com
Details Domain 904 
snort.org
Details Email 1 
chioekang59@daum.net
Details File 5 
img.png
Details File 1 
emp.exe
Details File 2127 
cmd.exe
Details File 409 
c:\windows\system32\cmd.exe
Details File 1 
a24f.tmp
Details File 1 
%programdata%\ahnlab\googleupdate.exe
Details sha256 1 
e5f191531bc1c674ea74f8885449f4d934d5f1aa7fd3aaa283fe70f9402b9574
Details sha256 1 
4f06eaed3dd67ce31e7c8258741cf727964bd271c3590ded828ad7ba8d04ee57
Details sha256 1 
e0257d187be69b9bee0a731437bf050d56d213b50a6fd29dd6664e7969f286ef
Details Url 1 
http://artndesign2.cafe24.com:80/skin_board/s_build_cafeblog/exp_include/img.png