Shares tags: Cryptocurrency, Phishing • Shares 1 IOC • Same author: Sakai • Published within a week
북한 에서 만든 대한항공 NFT 피싱 사이트-korean-air(.)org(2023-07-17)
2023-07-21 • Sakai • Korean Air NFT phishing site created in North Korea - korean-air(.)org(2023-07-17) •
The source reports a North Korea-attributed phishing site at korean-air.org that impersonated Korean Air with a fake NFT event offering travel benefits to cryptocurrency-wallet users. The lure promised limited free NFT issuance and Japan flight-ticket benefits, then generated a WalletConnect QR code intended to connect and drain the victim's wallet. The article notes the site used a Let's Encrypt certificate, was reachable from Korean IP space at the time, and was not yet detected by several security vendors. The author submitted the domain to Emsisoft, Google Safe Browsing, ESET, and Symantec Site Review for phishing classification.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| DOMAIN | korean-air.org | 2023-07-21 | 2023-07-25 |
| HASH | 7c19882426312936758851572460052… | 2023-07-21 | 2023-07-21 |
Related Reports
2023-07-25 •
70% Match
#Phishing
Shares tag: Phishing • Shares 1 IOC • Same author: Sakai • Published within a week
Shares tags: Cryptocurrency, Phishing • Same author: Sakai • Published within a week
2026-06-17 •
40% Match
#Cryptocurrency
#Phishing
#DeFi
#FinancialGain
#T1552
#T1078
#T1098
#HumanityProto
Shares tags: Cryptocurrency, Phishing
2026-05-28 •
40% Match
#Cryptocurrency
#Phishing
#Bluenoroff
#macOS
#SapphireSleet
#UNC1069
#T1005
#T1041
#T1560
#T1059.004
#T1059.002
#T1105
#T1543.004
Shares tags: Cryptocurrency, Phishing
Shares tags: Cryptocurrency, Phishing