Analysis of Konni APT Group Attacks on Neighboring Regions Using the Nuclear Issue and the Epidemic as Lures
Tags
country: North Korea, South Korea
Common Information
Type | Value |
---|---|
UUID | ffebadf8-54f7-4486-832d-58ea4c38d0d1 |
Fingerprint | 6f4163192525ab4f |
Analysis status | IN_PROGRESS |
Considered CTI value | 0 |
Text language | |
Published | July 21, 2020, midnight |
Added to db | Dec. 20, 2024, 2:52 p.m. |
Last updated | Dec. 25, 2024, 10:29 a.m. |
Headline | Analysis of Konni APT Group Attacks on Neighboring Regions Using the Nuclear Issue and the Epidemic as Lures |
Title | Analysis of Konni APT Group Attacks on Neighboring Regions Using the Nuclear Issue and the Epidemic as Lures |
Detected Hints/Tags/Attributes | 13/1/53 |
Source URLs
Details | Redirection | Url |
---|---|---|
Details | Source | https://www.secrss.com/articles/24031 |
URL Provider
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 6 | | medianewsonline.com |
Details | Domain | 2 | | authadobe.medianewsonline.com |
Details | Domain | 5 | | resulview.com |
Details | Domain | 1 | | ftp.byethost9.com |
Details | Domain | 2 | | take-me.scienceontheweb.net |
Details | Domain | 2 | | footballs.sportsontheweb.net |
Details | Domain | 2 | | kutacity.com |
Details | Domain | 40 | | blog.alyac.co.kr |
Details | Domain | 297 | | mp.weixin.qq.com |
Details | Domain | 6752 | | 163.com |
Details | File | 2 | | 2020_v4_eng.doc |
Details | File | 4 | | relations.doc |
Details | File | 3 | | кндр.doc |
Details | File | 4 | | zx.exe |
Details | File | 2 | | and executes zx.exe with the encrypted URL as a parameter |
Details | File | 2 | | executes the zx.bat contained in it |
Details | File | 2 | | of which xclientelv.dll |
Details | File | 5 | | xclientsvc.dll |
Details | File | 55 | | install.bat |
Details | File | 4 | | zx.bat |
Details | File | 2 | | then, with the corresponding value and install.bat |
Details | File | 2 | | as parameters, executes xclientelv.dll |
Details | File | 3 | | xclientelv.dll |
Details | File | 2 | | otherwise starts install.bat directly |
Details | File | 2 | | then bypasses UAC before executing install.bat |
Details | File | 2 | | its function is to take xclientsvc.dll |
Details | File | 2 | | and the C2 configuration file xclientsvc.ini |
Details | File | 2 | | then reads xclientsvc.ini from the same directory |
Details | File | 20 | | up.php |
Details | File | 10 | | dn.php |
Details | File | 3 | | and via the HWP component gbb.exe |
Details | File | 10 | | vbs.txt |
Details | File | 10 | | no1.txt |
Details | md5 | 2 | | d41b09aa32633d77a8856dae33b3d7b9 |
Details | md5 | 2 | | 37e713cf3dfe846aa9cbcc5cd09b92bd |
Details | md5 | 2 | | 6973fa7aed812980f0539302d64e618f |
Details | md5 | 2 | | cfa6d0d59624b961edadc04f5dae5777 |
Details | md5 | 2 | | e9812302ce7e9ca5d42cfd4406a34494 |
Details | md5 | 2 | | f05495a825e932c841f4d7f4e438ce0b |
Details | md5 | 2 | | 16b19998f8bdbaecf07b2556fcbd8d68 |
Details | md5 | 2 | | 478D643AFC47ABEA4ACB6BEA422F14F1 |
Details | md5 | 2 | | 2F43138AA75FB12AC482B486CBC98569 |
Details | md5 | 2 | | A5A2C0AD843A66ACA636CE17066CC417 |
Details | md5 | 2 | | a49b2a238ec3da5a89c0faba16d55988 |
Details | md5 | 2 | | da6e5db29ec181d66bdb39dac3f7b7d9 |
Details | md5 | 2 | | f88720ed70cc3f8482814ff3e3187427 |
Details | IPv4 | 4 | | 27.255.77.110 |
Details | Url | 2 | | http://resulview.com/5hado/vbs.txt fetches the next stage, decrypts and executes it |
Details | Url | 2 | | http://27.255.77.110/xwow |
Details | Url | 4 | | http://resulview.com/5hado/vbs.txt |
Details | Url | 3 | | https://ti.qianxin.com/blog/articles/analysis-of-konni-apt-organization-attack-activities-disguised-as-korean-android-chat-application |
Details | Url | 1 | | https://blog.alyac.co.kr/2543 |
Details | Url | 1 | | https://mp.weixin.qq.com/s/gukd2lnr9le8flug4bffsw |