북한 해킹 단체 김수키(Kimsuky)에서 만든 피싱 메일 도구-MailSending(Phishing mail tool,2024.4.19)
2024-04-22 • Sakai • Phishing Mail Tool Created by the North Korean Hacking Group Kimsuky - MailSending (Phishing Mail Tool, 2024.4.19) •
The report analyzes a Kimsuky phishing-mail tool called MailSending that is intended to automate phishing messages against South Korean users. It provides hashes including SHA-256 bb9c0396a61fa16d8c482a4a17e520fae908aa826e54243da6473494fa5f2305 and frames the malware as infrastructure supporting credential or personal-information theft by a North Korea-linked threat actor.
Indicators of Compromise
| Type | Value | First Seen | Last Seen |
|---|---|---|---|
| [email protected] | 2024-04-22 | 2024-05-06 | |
| DOMAIN | mail9602-udlv.com | 2024-04-22 | 2024-05-06 |
| HASH | 67e06fae0cd9c27c29622c79214f92a4 | 2024-04-22 | 2024-04-22 |
| HASH | c28a5bae3604c4aeece90ea4cd45009… | 2024-04-22 | 2024-04-22 |
| HASH | bb9c0396a61fa16d8c482a4a17e520f… | 2024-04-22 | 2024-04-22 |
| URL | http://gunsanvill.co.kr/skin/vi… | 2024-04-22 | 2024-04-22 |
| URL | http://jeilhospital1.cafe24.com… | 2024-04-22 | 2024-04-22 |
| URL | https://uws64-179.cafe24.com | 2024-04-22 | 2024-04-22 |
| DOMAIN | jeilhospital1.cafe24.com | 2024-04-22 | 2024-04-22 |
| DOMAIN | gunsanvill.co.kr | 2024-04-22 | 2024-04-22 |
| DOMAIN | uws64-179.cafe24.com | 2024-04-22 | 2024-04-22 |
Related Actors
Related Reports
Shares tag: Kimsuky • Same author: Sakai • Published within a month
Shares tag: Kimsuky • Same author: Sakai • Published within a month
Shares tag: Kimsuky • Same author: Sakai
Shares tag: Kimsuky • Same author: Sakai
Shares tag: Kimsuky • Same author: Sakai
Shares tag: Kimsuky • Same author: Sakai