Malware abusing HWP OLE objects (HWP OLE 개체 악용 악성코드)
2022-06-01 • Somansa • HWP OLE object exploitation malware
https://www.somansa.com/wp-content/uploads/2022/08/hwpole_202206.pdf
Attachments
hwpole_202206.pdf (2 MB)
Somansa reported continued North Korea-attributed abuse of OLE objects embedded in HWP (Hangul Word Processor) documents against South Korean users, even after Microsoft patched CVE-2022-30190. The analyzed lures included broadcast invitation requests, surveys for North Korean defector advisers, inter-Korean affairs documents, construction-activity documents, disaster-relief consent forms, foreign-ministry inspection files, and forum payment forms. The report notes that malicious HWP documents are especially effective in South Korea because HWP is the standard format in public agencies, schools, and the businesses that work with them, and that diplomats, security officials, and North Korea-related personnel are frequent targets.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| URL | https://work3.b4a.app | 2022-06-01 | 2024-04-09 |
| URL | http://hanainternational.net/ed… | 2022-06-01 | 2022-07-25 |
| DOMAIN | hanainternational.net | 2022-05-09 | 2022-07-25 |
| HASH | a73c3f27b0c6ccb8eddde4c0b9d0089… | 2022-06-01 | 2022-06-20 |
| HASH | 7975bbbfcb75dabb3271a8f1a79d67a… | 2022-06-01 | 2022-06-20 |
| HASH | a73c3f27b0c6ccb8eddde4c0b9d0089… | 2022-06-01 | 2022-06-01 |
| URL | https://work3.b4a.app/download.… | 2022-06-01 | 2022-06-01 |
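Several values in the table above are cut off with "…" exactly as the page shows them, so they cannot be used as exact-match strings: a matcher that compares them literally will never fire. The script below is an added example (not part of the Somansa report) that loads the table's URL, domain and hash indicators, treats any value ending in "…" as a prefix, and runs them over a handful of constructed proxy-log lines in a hypothetical "timestamp client method url status" layout. Domain indicators match the host and its subdomains but not lookalike suffixes, and bare-origin URL indicators such as https://work3.b4a.app match any path on that host.

```python
"""Match proxy-log lines and file hashes against the report's IOC table.

Added example, not code from the Somansa report. Indicator values are copied
from the table above; the ones ending in "\u2026" are truncated on the page, so
they are matched as prefixes instead of exact strings.
"""
from urllib.parse import urlsplit

ELLIPSIS = "\u2026"  # the "…" the page uses to cut long values

IOCS = [
    ("URL", "https://work3.b4a.app"),
    ("URL", "http://hanainternational.net/ed\u2026"),
    ("DOMAIN", "hanainternational.net"),
    ("HASH", "a73c3f27b0c6ccb8eddde4c0b9d0089\u2026"),
    ("HASH", "7975bbbfcb75dabb3271a8f1a79d67a\u2026"),
    ("URL", "https://work3.b4a.app/download.\u2026"),
]

# Constructed sample log lines (not from the report); layout is hypothetical:
# "<timestamp> <client> <method> <url> <status>".
SAMPLE_LOG = """\
2022-06-03T09:12:44Z 10.0.0.12 GET https://work3.b4a.app/download.php?id=7 200
2022-06-03T09:12:45Z 10.0.0.12 GET http://hanainternational.net/edit/update.bin 200
2022-06-03T09:13:01Z 10.0.0.18 GET https://cdn.hanainternational.net/logo.png 200
2022-06-03T09:14:10Z 10.0.0.20 GET https://work3.b4a.app.example.org/ 200
2022-06-03T09:15:00Z 10.0.0.21 GET https://www.somansa.com/ 200
"""


def split_indicator(value):
    """Return (value without the trailing ellipsis, whether it is a prefix)."""
    if value.endswith(ELLIPSIS):
        return value[:-1], True
    return value, False


def host_matches(host, domain):
    """Exact host or a subdomain of the indicator; a lookalike suffix must not match."""
    host = host.lower().rstrip(".")
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def url_matches(url, ioc_url):
    """Same scheme and host; path compared exactly, as a prefix, or ignored for bare origins."""
    ioc_value, is_prefix = split_indicator(ioc_url)
    seen, ioc = urlsplit(url), urlsplit(ioc_value)
    if seen.scheme.lower() != ioc.scheme.lower():
        return False
    if (seen.hostname or "") != (ioc.hostname or ""):
        return False
    seen_path = seen.path + ("?" + seen.query if seen.query else "")
    ioc_path = ioc.path + ("?" + ioc.query if ioc.query else "")
    if ioc_path in ("", "/"):
        return True  # bare-origin indicator: any path on that host counts
    if is_prefix:
        return seen_path.startswith(ioc_path)
    return seen_path == ioc_path


def hash_matches(digest, ioc_hash):
    """Case-insensitive hash comparison; truncated indicators match as prefixes."""
    ioc_value, is_prefix = split_indicator(ioc_hash)
    digest, ioc_value = digest.lower(), ioc_value.lower()
    return digest.startswith(ioc_value) if is_prefix else digest == ioc_value


def scan_log(log_text, iocs=IOCS):
    """Return [(line_number, ioc_type, ioc_value, url)] for every URL/DOMAIN hit."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        url = fields[3]
        host = urlsplit(url).hostname or ""
        for kind, value in iocs:
            if kind == "URL" and url_matches(url, value):
                hits.append((n, kind, value, url))
            elif kind == "DOMAIN" and host_matches(host, value):
                hits.append((n, kind, value, url))
    return hits


if __name__ == "__main__":
    for n, kind, value, url in scan_log(SAMPLE_LOG):
        print(f"line {n}: {kind} {value} <- {url}")
```

A truncated hash prefix of 31 hex characters is specific enough to act on, but a prefix match is still not proof that the file is the sample the report analyzed; pull the full digest from the PDF before blocking on it. The subdomain rule is a design choice: it catches hosts such as cdn.hanainternational.net in the constructed log, which is usually wanted for an attacker-controlled domain but would over-match if the indicator were a shared hosting domain.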