Malicious HWP Document Disguised as Reunification Education Support Application

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

A deceptive HWP document, masquerading as a reunification education support application, was discovered on March 5. When opened, the document creates multiple files in the TEMP folder, including a malicious BAT file. This BAT file performs several actions to keep the malware running persistently, including registering scheduled tasks and executing additional malicious files. The malware ultimately accesses an external URL to download and execute additional files, allowing threat actors to execute various commands. This incident is part of a recent trend of malware distribution using HWP documents, with attacks now targeting the general public rather than specific users. Users are advised to be cautious and keep their security software updated.
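A defender-side sketch of the chain described in the summary, added here as an example and not part of the original report: it walks process-creation events and flags a batch file run from a Temp folder, or a scheduled-task creation, whenever the HWP viewer is an ancestor process. The process name `Hwp.exe`, the use of `schtasks`, the event fields and every sample event are assumptions constructed for illustration.

```python
import ntpath
import re

HWP_IMAGE = "hwp.exe"  # assumption: process name of the HWP viewer
TEMP_BAT = re.compile(r'\\temp\\[^"]*\.bat\b', re.I)  # batch file run from a Temp folder
TASK_CREATE = re.compile(r"\bschtasks(\.exe)?\b.*\s/create\b", re.I)  # assumption: task registered via schtasks

# Constructed process-creation events (fields as in Sysmon Event ID 1); none come from the report.
EVENTS = [
    {"pid": 10, "ppid": 1, "image": r"C:\Windows\explorer.exe", "cmd": "explorer.exe"},
    {"pid": 100, "ppid": 10, "image": r"C:\Apps\Hwp.exe",
     "cmd": r'Hwp.exe "C:\Users\user\Downloads\application.hwp"'},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'cmd.exe /c "C:\Users\user\AppData\Local\Temp\sample.bat"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r'schtasks /create /tn ExampleTask /tr "C:\Users\user\AppData\Local\Temp\sample.exe" /sc minute /mo 10'},
    # Benign control: a task created from the user's shell, with no HWP ancestor.
    {"pid": 400, "ppid": 10, "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r'schtasks /create /tn Backup /tr "C:\Tools\backup.exe" /sc daily'},
]

def ancestors(pid, by_pid):
    """Yield parent events up the process tree, guarding against pid loops."""
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        pid = by_pid[pid]["ppid"]
        if pid in by_pid:
            yield by_pid[pid]

def detect(events):
    """Return (rule, pid) pairs for suspicious descendants of the HWP viewer."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        lineage = ancestors(e["pid"], by_pid)
        if not any(ntpath.basename(a["image"]).lower() == HWP_IMAGE for a in lineage):
            continue  # only processes descended from the document viewer are of interest
        if TEMP_BAT.search(e["cmd"]):
            findings.append(("bat_from_temp", e["pid"]))
        if TASK_CREATE.search(e["cmd"]):
            findings.append(("task_created", e["pid"]))
    return findings

if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(rule, pid)
```

This sketch keys the tree on PID alone; on real telemetry, key on a per-process unique identifier such as Sysmon's ProcessGuid so that PID reuse does not join unrelated processes.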

OPENCTI LABELS:

downloader, dropper, hwp
