.. /.Hwpx

Phishing

Contributors:

Adithya - @ravooriadithya

Description:

An HWPX file is a Hangul Word Processor 2010 document. Hangul Word Processor (HWP) is a proprietary word processing application published by the South Korean company Haansoft Corporation. It is used extensively in South Korea, especially by the government. Like Office formats such as .doc and .docx, HWPX files can carry malicious code or 0-day exploits.

OS:

Windows

Recommendation:

After validating business usage, monitor and block the download and execution of hwpx files at email and web gateways and on endpoints. Whitelist as required.

Resources:

https://www.fireeye.com/content/dam/fireeye-www/global/en/blog/threat-research/FireEye_HWP_ZeroDay.pdf
https://www.virusbulletin.com/virusbulletin/2018/11/vb2018-paper-hacking-sony-pictures/

File Samples: