Analysis of Spear-Phishing Email Attacks by North Korea's Kimsuky Group

2024-02-28 Hauri Analysis of spear-phishing email attacks by North Korean Kimsuky organization

https://download.hauri.net/DownSource/down/dwn_detail_down.html?uid=58

Hauri analyzed a Kimsuky spear-phishing operation that built 16 mail servers and used 24 impersonation accounts to contact more than 400 people. The targets included figures in politics, international relations, universities, policy institutions, and other domestic and overseas organizations. The report says Kimsuky did not simply send mass attachments, but researched specific victims, opened natural conversations, adjusted domains and themes when victims did not respond, and systematically managed target and domain information before delivering HTML, ISO, ZIP, VBS, and other malware-bearing content.

Indicators of Compromise

