Spear-phishing malware made by the North Korean hacking group Kimsuky: 열차9월10일원고(화)_4.bat (2024.12.02)
Common Information
Type Value
UUID f9f6bd56-c93f-4d6a-b714-f99dc18abe98
Fingerprint fef59f5e9f8b73e1
Analysis status DONE
Considered CTI value 2
Text language
Published Dec. 17, 2024, midnight
Added to db Dec. 16, 2024, 4:58 p.m.
Last updated Dec. 19, 2024, 2:29 p.m.
Headline 꿈을꾸는 파랑새
Title Spear-phishing malware made by the North Korean hacking group Kimsuky: 열차9월10일원고(화)_4.bat (2024.12.02)
Detected Hints/Tags/Attributes 14/1/16
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 478 꿈을꾸는 파랑새 https://wezard4u.tistory.com/feed 2024-08-30 22:08
Attributes
Type                           #Events  CTI  Value
File                           6             _4.bat
File                           1329          powershell.exe
File                           3             elephant.dat
File                           14            'kernel32.dll
File                           802           kernel32.dll
File                           3             caption.dat
File                           14            악성코드-system_first.ps1
File                           14            악성코드-pay.bat
File                           13            apt-telegram.txt
md5                            1             c0b447e45be32bd6ceba8c6455472b37
sha1                           1             5b191427f2d47efe8a8e7bb195f1b4a9f5a2c585
sha256                         1             5306582c8a24508b594fed478d5abaa5544389c86ba507d8ebf98c5c7edde451
Microsoft Patch Numbers        14            KB5048652
Microsoft Patch Numbers        15            KB5048667
Microsoft Patch Numbers        14            KB5048685
Threat Actor Identifier - APT  316           APT37