PULSE NAME
Malicious documents spreading Ransomware
WHITE trainingstudent 2026-05-18 Modified: 2026-05-18
18 IOCs
MEDIUM VOLUME
Recently, the most problematic targeted attack in Korea has been the distribution of the Ammyy remote control backdoor to companies, followed by the Clop ransomware installed through it. The backdoor file was built from the source code of the Ammyy remote control program, which is available online, and is planted on the targeted PC before the attacker accesses the system remotely. The file the attacker ultimately wants to execute on the system is the Clop ransomware.
Indicators of Compromise (18)