Shares tag: Phishing • Same author: Ahnlab • Published within a week
포털 사이트의 보안 프로그램으로 위장한 악성코드 주의
2019-11-18 • Ahnlab • Beware of malware disguised as a portal site security program •
AhnLab reported state-sponsored APT activity using phishing pages that imitate a well-known Korean portal site. The page changed behavior based on the visitor's user agent and offered either a PC security-program download or a mobile app lure to steal victim information. On Windows, the downloaded archive contained a dropper that displayed a fake installer dialog while creating additional malware in the temporary directory.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| HASH | e1338cc07877d4fa9269c2758e63779… | 2019-11-18 | 2019-11-18 |
| HASH | eb7db6d73af64d8f08a58f7b920a39d… | 2019-11-18 | 2019-11-18 |
| HASH | 316b5ea01db4171537a89ed97a037cc… | 2019-11-18 | 2019-11-18 |
| HASH | 04f93f726b70613654bc821ace90444… | 2019-11-18 | 2019-11-18 |
| URL | http://naver-clinic.drlve.in/pr… | 2019-11-18 | 2019-11-18 |
| URL | http://engine-center.pe.he/down… | 2019-11-18 | 2019-11-18 |
| DOMAIN | engine-center.pe.he | 2019-11-18 | 2019-11-18 |
| DOMAIN | engine-center.pe.hu | 2019-11-18 | 2019-11-18 |
| DOMAIN | naver-clinic.drlve.in | 2019-11-18 | 2019-11-18 |
Related Reports
Shares tag: Phishing • Same author: Ahnlab • Published within a week
Shares tag: Phishing • Same author: Ahnlab • Published within a week
Shares tag: Phishing • Same author: Ahnlab
2026-05-27 •
30% Match
#Kimsuky
#Phishing
#LNK
#MeshAgent
#T1140
#T1115
#T1056.001
#T1027
#T1204.002
#T1566.001
#T1059.001
#T1105
#T1055
#T1497.003
#T1218.005
Shares tag: Phishing • Same author: Ahnlab
Shares tag: Phishing • Same author: Ahnlab