Malware Disguised as a Manuscript Solicitation Letter (Targeting Security-Related Workers)
2023-01-17 • Ahnlab
On January 8th, the ASEC analysis team identified the distribution of a document-type malware targeting workers in the security field. The obtained malware uses an external object within a Word document to execute an additional malicious macro. The normal document file distributed with the malware by the threat actor has text written in Korean but includes Chinese fonts. Recently, there has been a surge of APT attacks using the template injection method.
Indicators of Compromise