RDP를 통해 유포 중인 GlobeImposter 랜섬웨어 (with MedusaLocker) - ASEC BLOG
Tags
| attack-pattern: | Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | fcb6611d-2d29-48d6-8b9d-0cac923ff7ed |
| Fingerprint | 145ae9db9f4a1ce7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 28, 2023, 5:06 p.m. |
| Added to db | Feb. 28, 2023, 10:21 a.m. |
| Last updated | Nov. 17, 2024, 6:49 p.m. |
| Headline | RDP를 통해 유포 중인 GlobeImposter 랜섬웨어 (with MedusaLocker) |
| Title | RDP를 통해 유포 중인 GlobeImposter 랜섬웨어 (with MedusaLocker) - ASEC BLOG |
| Detected Hints/Tags/Attributes | 35/1/34 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://asec.ahnlab.com/ko/48621/ |
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 18 | ✔ | ASEC | https://asec.ahnlab.com/ko/feed/ | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 31 | pool.supportxmr.com |
|
| Details | Domain | 285 | microsoft.net |
|
| Details | File | 1260 | explorer.exe |
|
| Details | File | 13 | advanced_port_scanner.exe |
|
| Details | File | 16 | 3869.exe |
|
| Details | File | 4 | networkshare_pre2.exe |
|
| Details | File | 2 | miners.exe |
|
| Details | File | 2 | ols.exe |
|
| Details | File | 14 | how_to_back_files.html |
|
| Details | File | 2 | rl_coinminer.c4 |
|
| Details | File | 4 | win.ps |
|
| Details | File | 2 | olm.exe |
|
| Details | File | 4 | mimik.exe |
|
| Details | File | 4 | mimispool.dll |
|
| Details | File | 15 | mimilib.dll |
|
| Details | File | 3 | mimikatz.dll |
|
| Details | File | 3 | 86.exe |
|
| Details | File | 16 | 64.exe |
|
| Details | File | 16 | cmd.php |
|
| Details | md5 | 2 | 715ddf490dbaf7d67780e44448e21ca1 |
|
| Details | md5 | 2 | 646698572afbbf24f50ec5681feb2db7 |
|
| Details | md5 | 2 | 70f87b7d3aedcd50c9e1c79054e026bd |
|
| Details | md5 | 4 | f627c30429d967082cdcf634aa735410 |
|
| Details | md5 | 5 | 597de376b1f80c06d501415dd973dcec |
|
| Details | md5 | 6 | 4fdabe571b66ceec3448939bfb3ffcd1 |
|
| Details | md5 | 4 | 6a58b52b184715583cda792b56a0a1ed |
|
| Details | md5 | 2 | 4edd26323a12e06568ed69e49a8595a5 |
|
| Details | md5 | 4 | a03b57cc0103316e974bbb0f159f78f6 |
|
| Details | md5 | 2 | ddfad0d55be70acdfea36acf28d418b3 |
|
| Details | md5 | 2 | 21ea77788aa2649614c9ec739f1dd1b8 |
|
| Details | md5 | 2 | 5e1a53a0178c9be598edff8c5170b91c |
|
| Details | md5 | 6 | bb8bdb3e8c92e97e2f63626bc3b254c4 |
|
| Details | IPv4 | 2 | 46.148.235.114 |
|
| Details | Url | 2 | http://46.148.235.114/cmd.php |