From 550970eba01e7cfc7c4d1bdb24869034ff24be59 Mon Sep 17 00:00:00 2001 From: blackorbird <137812951@qq.com> Date: Tue, 23 Apr 2019 15:00:25 +0800 Subject: [PATCH] Update README.MD --- group123/README.MD | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/group123/README.MD b/group123/README.MD index ab13663..ca307f0 100644 --- a/group123/README.MD +++ b/group123/README.MD @@ -19,27 +19,28 @@ Lee Soo-hyun info: http://155.138.236.240/sec[.]png?id= -phishing: -input password and login it will redirect to unikorea.go.kr +## phishing: + +### input password and login it will redirect to unikorea.go.kr https://unikorea.go.kr/upload/editUpload/20190418/2019041814360535872.png https://unikorea.go.kr/upload/editUpload/20190418/2019041814364795734.png -The html file is misleading in this two-step process and will connect you to a specific Google Drive address in the background. +### The html file is misleading in this two-step process and will connect you to a specific Google Drive address in the background. download:memo.utr google drive owner: 한국정치학회 Gmail:kpsapress@gmail.com decode PE and collect private information -post to "pcloud" +### post to "pcloud" the authorize email is kcrc1214@hanmail.net ,2018.12.3 join The attacking organization seems to have registered Russian expressions to intentionally give the analysts a false flag, and when translated into English, it will change to the expression 'Humpty Dumpty'. -D:\System\Kernel32\Shell32\Sample\Release\Шалтай-Болтай.pdb (Humpty Dumpty) +### D:\System\Kernel32\Shell32\Sample\Release\Шалтай-Болтай.pdb (Humpty Dumpty) -HTML code feature +### HTML code feature
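Review bot: The `###` markers in this hunk are applied to full sentences and to an indicator rather than to section titles. "### input password and login it will redirect to unikorea.go.kr" and "### The html file is misleading in this two-step process ..." are descriptive prose, and "### D:\System\Kernel32\Shell32\Sample\Release\Шалтай-Болтай.pdb (Humpty Dumpty)" is a PDB path. I would keep "## phishing" (without the trailing colon) and "### HTML code feature" as the headings, leave the sentences as body text or list items, and wrap the PDB path in inline code so it renders and copies verbatim, with its backslashes not open to Markdown escape handling. Separately, the subject "Update README.MD" does not say what changed; a subject that names the group123 phishing notes and the heading change would make the history easier to search.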