Hangul malware disguised as "International Security and Military Situation" content
2019-02-07 • kino
The Korean analysis describes an HWP malware document disguised as weekly international security and military information. The file used a PostScript vulnerability to load shellcode, perform staged decryption, inject code into iexplorer.exe, download an additional binary, and load a DLL named HimTray.dll. The lure and exploit chain show document-based targeting of users interested in security and military affairs.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | 48d9e625ea3efbcbef3963c8714544a7 | 2019-02-07 | 2019-11-18 |
| HASH | ad6b7c7b61d662ab653c25fe850e240… | 2019-02-07 | 2019-02-07 |
| HASH | 64c9e04e9dd12796e76436364967ba8… | 2019-02-07 | 2019-02-07 |
| HASH | 5cc715e6a91385c5c092ff79c73592aa | 2019-02-07 | 2019-02-07 |
| HASH | a9c028a68deb18d900701a92bfd432a… | 2019-02-07 | 2019-02-07 |
| HASH | cd6a12cc693e98e4f47d2161e9fe99d… | 2019-02-07 | 2019-02-07 |
| URL | http://congre.co.kr/_Ext/adodb5… | 2019-02-07 | 2019-02-07 |
| DOMAIN | congre.co.kr | 2019-02-07 | 2019-02-07 |