Beware of CVE-2021-40444 Vulnerability Attack Impersonating the President of North Korea's Pyongyang University of Science and Technology
2021-11-11 • ESTSecurity
ESRC reports a North Korea-linked spear-phishing case impersonating the president of Pyongyang University of Science and Technology and exploiting CVE-2021-40444 in a malicious DOCX document. If opened on an unpatched Microsoft Office system, the document contacts officeversion.mywebcommunity[.]org, executes attacker-controlled script, then connects to msoffices.atwebpages[.]com and a Google Blogspot command source to collect and exfiltrate host information. ESRC links the activity to the same POSEIDON author account seen in earlier attacks against defense, security, diplomacy, and unification experts. The report underscores continued DPRK adoption of document vulnerabilities such as CVE-2020-9715 and CVE-2021-40444 for tailored targeting.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | officeversion.mywebcommunity.org | 2021-11-11 | 2021-11-17 |
| DOMAIN | msoffices.atwebpages.com | 2021-11-11 | 2021-11-11 |