Source:

https://app.any.run/tasks/40e97aef-9a26-4d59-b2d9-f0a4eec19c0b/

Group:

Kimsuky, APT37

https://attack.mitre.org/versions/v7/groups/G0067/

Basic information:

MD5: 173edf96e60b3fd520801a6c1adee7e0


A password-protected .doc document, together with a Windows shortcut disguised as a .txt file.


The follow-on payload could no longer be retrieved.


ATT&CK:

https://attack.mitre.org/versions/v7/techniques/T1218/005/