![souiten's tweet photo. Suspect #APT #maldoc with #QuasarRAT attacking Korea, still active
file:
e0cf0881de0fe35732bb02c1f4df02a3
"협의이혼의사확인신청서"
(Application for Confirmation of Intent to Divorce by Agreement)
[1/N] https://t.co/lnEcIOKUlU](https://pbs.twimg.com/media/FrK0m7VaIAAc11J.png)
![kienbigmummy's tweet photo. 🔥Maldoc sample spreads #LokiBot was submitted to VT from VN!!
📄hash:e1d6c159c4e0b5d404d763846914c1b33b26591fd4100da3235335889f6a9407
IOCs:
👹http://103[.]167.92.45/kung/GG18.exe
���http://171[.]22.30.164/kung/five/fre.php https://t.co/qnSuwSSlnS](https://pbs.twimg.com/media/FrF0vZIaQAAocH5.png)
![StopMalvertisin's tweet photo. #BITTER #APT
Patches updates.rar
dcc7bb850d931e3da18f3868a6a7c092
Patches updates.chm
e8ef56d0f67f44eb433a6aaa57abe991
https://lbhandlesystem[.]com/Axiom/set.php?h=%computername%*%username%
Scheduled Task: "MicrosoftTask" https://t.co/E2MRbWKC8T](https://pbs.twimg.com/media/Fqr-0gWakAA2sAn.png)
![StopMalvertisin's tweet photo. #BITTER #APT
Patches updates.rar
dcc7bb850d931e3da18f3868a6a7c092
Patches updates.chm
e8ef56d0f67f44eb433a6aaa57abe991
https://lbhandlesystem[.]com/Axiom/set.php?h=%computername%*%username%
Scheduled Task: "MicrosoftTask" https://t.co/E2MRbWKC8T](https://pbs.twimg.com/media/Fqr-vEfaAAQfFij.png)
![kienbigmummy's tweet photo. 🔥An email sample related to VN spreads #Lokibot
✉️hash:cb87ec5825659ec1919ac6ffdec4b88e4336c0be420c726ceab1917689fdd161
IOCs:
☠️107[.]175.212.18
🌐http://185[.]246.220.60/shen/five/fre.php https://t.co/iDRTNB7JbE](https://pbs.twimg.com/media/FqYpbg3agAc46vC.png)
![HaoZhixiang's tweet photo. The Kimsuky APT group used malicious 법제처국가법령정보센터.docx to attack South Korea
vba->powershell->IOC
md5 1b690440b54c2a830958fe54ad34e3c7
IOC
yundy+mypressonline+com/[dy]/yu[.]txt no longer accessible
@MalwareTechBlog @malwrhunterteam @DynamicAnalysis @mstoned7 https://t.co/ctmv3hipU3](https://pbs.twimg.com/media/Fh_wEL7UoAEvO1-.png)
![HaoZhixiang's tweet photo. The Kimsuky APT group used malicious 법제처국가법령정보센터.docx to attack South Korea
vba->powershell->IOC
md5 1b690440b54c2a830958fe54ad34e3c7
IOC
yundy+mypressonline+com/[dy]/yu[.]txt no longer accessible
@MalwareTechBlog @malwrhunterteam @DynamicAnalysis @mstoned7 https://t.co/ctmv3hipU3](https://pbs.twimg.com/media/Fh_wDd_VIAAvzFu.png)
![HaoZhixiang's tweet photo. The Kimsuky APT group used malicious 법제처국가법령정보센터.docx to attack South Korea
vba->powershell->IOC
md5 1b690440b54c2a830958fe54ad34e3c7
IOC
yundy+mypressonline+com/[dy]/yu[.]txt no longer accessible
@MalwareTechBlog @malwrhunterteam @DynamicAnalysis @mstoned7 https://t.co/ctmv3hipU3](https://pbs.twimg.com/media/Fh_wDR_UAAYuh8z.png)
Olivia
Online
360 ATA Cloud
@360atacloud
📦 360沙箱云 / 360 ATA Cloud (with 360 HuntingZero Lab) - advanced threat analysis sandbox, insight into each behaviour of malwares!
China
Joined November 2021
64 Following
131 Followers
35 Posts
New office vulnerability CVE-2023-33162 (only vuln, no exp & payload) caught by @360sandboxcloud and 360HuntingZeroLab 👉 https://t.co/CWYeSpyLNX 👉 https://t.co/lya9Ms51hS
A new out-of-bounds read vulnerability in winmm.dll of Windows, found by @360sandboxcloud , won't be fixed. https://t.co/wjoEhX4h2W
view report: https://t.co/DBHhHMZIDL
Suspect #APT #maldoc with #QuasarRAT attacking Korea, still active
file:
e0cf0881de0fe35732bb02c1f4df02a3
"협의이혼의사확인신청서"
(Application for Confirmation of Intent to Divorce by Agreement)
[1/N]
![souiten's tweet photo. Suspect #APT #maldoc with #QuasarRAT attacking Korea, still active
file:
e0cf0881de0fe35732bb02c1f4df02a3
"협의이혼의사확인신청서"
(Application for Confirmation of Intent to Divorce by Agreement)
[1/N] https://t.co/lnEcIOKUlU](https://pbs.twimg.com/media/FrK0o3DaEAU-ZnH.png)
view report: https://t.co/T4sp9HjjDi
🔥Maldoc sample spreads #LokiBot was submitted to VT from VN!!
📄hash:e1d6c159c4e0b5d404d763846914c1b33b26591fd4100da3235335889f6a9407
IOCs:
👹http://103[.]167.92.45/kung/GG18.exe
���http://171[.]22.30.164/kung/five/fre.php
![kienbigmummy's tweet photo. 🔥Maldoc sample spreads #LokiBot was submitted to VT from VN!!
📄hash:e1d6c159c4e0b5d404d763846914c1b33b26591fd4100da3235335889f6a9407
IOCs:
👹http://103[.]167.92.45/kung/GG18.exe
���http://171[.]22.30.164/kung/five/fre.php https://t.co/qnSuwSSlnS](https://pbs.twimg.com/media/FrF1V0EaQAEERne.jpg)
最新 RTF RCE 漏洞 CVE-2023-21716 分析 👉 #360沙箱云 #360sandboxcloud https://t.co/WHeTJAhoCF
https://t.co/VaDEVaUMSY
https://t.co/LZqhPWptXE
View it in 360 Sandbox Cloud 👉 https://t.co/SvyHTMu0a0
View it in 360 Sandbox Cloud:
https://t.co/7cDr1jzstH
🔥An email sample related to VN spreads #Lokibot
✉️hash:cb87ec5825659ec1919ac6ffdec4b88e4336c0be420c726ceab1917689fdd161
IOCs:
☠️107[.]175.212.18
🌐http://185[.]246.220.60/shen/five/fre.php
![kienbigmummy's tweet photo. 🔥An email sample related to VN spreads #Lokibot
✉️hash:cb87ec5825659ec1919ac6ffdec4b88e4336c0be420c726ceab1917689fdd161
IOCs:
☠️107[.]175.212.18
🌐http://185[.]246.220.60/shen/five/fre.php https://t.co/iDRTNB7JbE](https://pbs.twimg.com/media/FqYp4pqakAAhJ_w.jpg)
沙箱云网站现已升级 Android 检测功能 | Sandbox cloud website has upgraded Android detection!
https://t.co/V3HwkBEj6Y
360沙箱云新版“威胁追踪”页面已上线,欢迎体验! | The new "Threat Tracking" page of 360 Sandbox Cloud has arrived. Welcome to experience!
https://t.co/nOcl03FGVx
360 沙箱云 2.0 版本升级 https://t.co/KsC4qBv6SM
360沙箱云 2.0 版已发布! | 360 Sandbox Cloud v2.0 has arrived!
https://t.co/QusmjBG7gP
The detection from 360 Sandbox Cloud: https://t.co/U75rTxfkvV
The Kimsuky APT group used malicious 법제처국가법령정보센터.docx to attack South Korea
vba->powershell->IOC
md5 1b690440b54c2a830958fe54ad34e3c7
IOC
yundy+mypressonline+com/[dy]/yu[.]txt no longer accessible
@MalwareTechBlog @malwrhunterteam @DynamicAnalysis @mstoned7
![HaoZhixiang's tweet photo. The Kimsuky APT group used malicious 법제처국가법령정보센터.docx to attack South Korea
vba->powershell->IOC
md5 1b690440b54c2a830958fe54ad34e3c7
IOC
yundy+mypressonline+com/[dy]/yu[.]txt no longer accessible
@MalwareTechBlog @malwrhunterteam @DynamicAnalysis @mstoned7 https://t.co/ctmv3hipU3](https://pbs.twimg.com/media/Fh_wEvhVQAEfElv.png)
There is no prompt for the attack message sent by another email address involved.
The attack email involved in the worm mentioned in the last article has been warned tagged by a mail platform⚠️. But at present it seems that the sender's email should only be added to the alarm list, not based on the body of the email, attachments and other characteristics.
上次文章里提到的那个蠕虫病毒涉及到的攻击邮件已经被某邮箱平台添加了警告标记⚠️。不过目前看来应该只是把发件人邮箱地址加入了告警列表,而不是根据邮件正文、附件之类的特征来识别。因为涉及的另一个邮箱地址发的攻击邮件还没有任何提示。
记一起通过邮件传播的恶意程序攻击 | A malware attack spread by mail
https://t.co/6CU1uR2DJd
The new version is coming soon... #360sandboxcloud
The new version is coming soon... #360sandboxcloud
Most Popular Users
Elon Musk 
@elonmusk
240.3M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
109.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.4M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.7M followers
KATY PERRY
@katyperry
87.2M followers
Taylor Swift
@taylorswift13
81M followers
Lady Gaga
@ladygaga
72.6M followers
Kim Kardashian
@kimkardashian
69.6M followers
Virat Kohli
@imvkohli
69.2M followers
YouTube
@youtube
68.6M followers
Bill Gates
@billgates
63.6M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.8M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
60.3M followers