Behavioral task
behavioral1
Sample
(20220120)2022 - 001.chm
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
(20220120)2022 - 001.chm
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
(양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).chm
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
(양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).chm
Resource
win10v2004-20230221-en
Behavioral task
behavioral5
Sample
(양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).xls
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
(양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).xls
Resource
win10v2004-20230220-en
General
-
Target
APT 37 Previous Commits 1.7z
-
Size
17.9MB
-
MD5
3dfafcc426a7af56892cfdb7b180fac6
-
SHA1
d0bc1375e9ce966cdb13b37fd6c5cf523cdf8e6a
-
SHA256
43e47a037425c2efb68f0ba0004f7e851e8c242c5fa7ae6ade0e54fdd81e380a
-
SHA512
b8c331f7b1b499a4ce699ada16b6fd53d5e6cba9dbab19b78c702bbc28959618e70566cf7054e0a85eae3bc65668454b2250f2fde2ffd9a30debf8346d752f49
-
SSDEEP
393216:m/cc1Pun8u1mKpX2U+wkzXOm2hSPUjG2UT5esTFZiYvOtvYKLOXVfsd:arPuHIQ+F7J2XG2A5esTF3WSFfsd
Malware Config
Signatures
-
Office macro that triggers on suspicious action 2 IoCs
Office document macro which triggers in special circumstances - often malicious.
Processes:
resource | yara_rule
static1/unpack003/(양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).xls | office_macro_on_action
static1/unpack001/APT 37 Previous Commits 1/(양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).xls | office_macro_on_action
-
Processes:
resource
static1/unpack003/(양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).xls
Files
-
APT 37 Previous Commits 1.7z
Password: infected
-
APT 37 Previous Commits 1/(20220120)2022년 총동창회 신년인사001.rar
Password: infected
-
(20220120)2022 - 001.chm
-
APT 37 Previous Commits 1/(양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).rar
Password: infected
-
(양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).chm
-
(양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).xls windows office2003
Module1
ThisWorkbook
Sheet1
-
APT 37 Previous Commits 1/(양식) 제20대 대통령 취임식 재외동포 참석자 추천 명단(국민의힘당원 000).xls windows office2003
Module1
ThisWorkbook
Sheet1
-
APT 37 Previous Commits 1/1.rar
-
APT 37 Previous Commits 1/2017-APEC.rar
-
APT 37 Previous Commits 1/2021년 ICT융합 스마트공장 구축 및 고도화 사업 최종감리보고서(엠플러스에프엔씨, 인버스, 정찬혁)_초안.hwp
-
APT 37 Previous Commits 1/2022 후기 신-편입생 모집요강.rar
-
APT 37 Previous Commits 1/2022-01-27-notification.rar
-
APT 37 Previous Commits 1/2022-03-22.rar
-
APT 37 Previous Commits 1/2022.04.27.rar
-
APT 37 Previous Commits 1/20220315-112_Notice.rar
-
APT 37 Previous Commits 1/202203_5_06.rar
-
APT 37 Previous Commits 1/20220510_115155.rar
-
APT 37 Previous Commits 1/20220913.rar
-
APT 37 Previous Commits 1/20220916093205755684_TSA.rar
-
APT 37 Previous Commits 1/2022년 국방부 부임이사 안내(몽골리아).rar
-
APT 37 Previous Commits 1/2022년 외국인 주민교류를 통한 기술인으로 진로 직업지도사업.hwp
-
APT 37 Previous Commits 1/20230302_Guide.rar
-
APT 37 Previous Commits 1/220915 수정.hwp
-
APT 37 Previous Commits 1/3. 개인정보보완서약서_북주협.hwp
-
APT 37 Previous Commits 1/3사복지업무.rar
-
APT 37 Previous Commits 1/Ambassador Schedule Week 6 2023.rar
-
APT 37 Previous Commits 1/Ambassador Schedule Week 6 2023.zip
-
APT 37 Previous Commits 1/Announcement.rar
-
APT 37 Previous Commits 1/BoanMail (1).rar
-
APT 37 Previous Commits 1/BoanMail.rar
-
APT 37 Previous Commits 1/[INSS] National Security and Strategy (Winter 2022).rar
-
APT 37 Previous Commits 1/[붙임] 제20대 대통령선거 제1차 정책토론회 시청 안내문.rar
-
APT 37 Previous Commits 1/boanmail-202101-j08.rar
-
APT 37 Previous Commits 1/boanmail_202201_2_505824.rar
-
APT 37 Previous Commits 1/boanmail_202201_5_02-10424.rar
-
APT 37 Previous Commits 1/boanmail_202201_5_80222982.rar