Analysis of the Link Between a Martial Law-Themed APT Attack and the Kimsuky Group (original title: 비상계엄 테마 APT 공격과 Kimsuky 그룹 연관성 분석)

2025-03-04 Genians Analysis of the Link Between a Martial Law-Themed APT Attack and the Kimsuky Group

https://www.genians.co.kr/blog/threat_intelligence/apt-attacks-martial-law


Genians Security Center links a martial law-themed spear-phishing campaign to Kimsuky tradecraft. According to the report, emails sent to people working on North Korea-related issues carried malware download links, the delivery differed depending on whether the victim ran macOS or Windows, and the operators attempted to evade early detection through Windows Control Panel (.cpl) file abuse and a fake Google updater theme. The source frames the activity as an APT operation that exploited a live political issue for social engineering and recommends behavior-based endpoint detection and response to catch unknown modules before they spread inside affected environments.
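The report recommends behavior-based endpoint detection for the Control Panel file abuse it describes. The following is an added example, not Genians' code and not derived from the campaign's actual samples: a generic check for .cpl files launched from user-writable locations via control.exe or rundll32.exe, run over constructed Sysmon-style process-creation events. The file names, paths, parent processes and the "GoogleUpdate.cpl" name are hypothetical illustrations of the lure theme, not observed artifacts.

```python
# Added example (not Genians' code, not built from the campaign's samples):
# a generic behavior check for Control Panel (.cpl) file abuse, run over
# constructed Sysmon-style process-creation events.
import re

# Constructed events; paths, parents and the "GoogleUpdate.cpl" name are
# hypothetical illustrations of the lure theme, not observed artifacts.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\control.exe",
     "CommandLine": r'"C:\Windows\System32\control.exe" "C:\Users\kim\AppData\Local\Temp\GoogleUpdate.cpl"',
     "ParentImage": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r'rundll32.exe shell32.dll,Control_RunDLL "C:\Users\kim\Downloads\report.cpl"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\control.exe",
     "CommandLine": r'"C:\Windows\System32\control.exe" /name Microsoft.NetworkAndSharingCenter',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL C:\Windows\System32\timedate.cpl",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# A .cpl path, quoted or bare, anywhere in the command line.
CPL_PATH = re.compile(r'"([^"]+\.cpl)"|(\S+\.cpl)\b', re.IGNORECASE)
# Legitimate applets live here; anything else is worth a look.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Directories a download or mail attachment lands in before it is opened.
STAGING_MARKERS = ("\\temp\\", "\\downloads\\", "\\appdata\\")
# Parents indicating the .cpl arrived through a browser, mail client or archiver.
DELIVERY_PARENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "outlook.exe",
                    "winrar.exe", "7zfm.exe", "bandizip.exe"}


def basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def cpl_paths(cmdline):
    """Every .cpl path referenced on the command line, quoted or bare."""
    return [m.group(1) or m.group(2) for m in CPL_PATH.finditer(cmdline)]


def analyze(event):
    """Return the reasons an event looks like .cpl abuse, or None if benign."""
    image = basename(event["Image"])
    cmd = event["CommandLine"]
    if image not in ("control.exe", "rundll32.exe"):
        return None
    # rundll32 only loads applets through shell32's Control_RunDLL export.
    if image == "rundll32.exe" and "control_rundll" not in cmd.lower():
        return None
    reasons = []
    for path in cpl_paths(cmd):
        low = path.lower()
        if not low.startswith(TRUSTED_DIRS):
            reasons.append(f"cpl outside System32: {path}")
        if any(marker in low for marker in STAGING_MARKERS):
            reasons.append("cpl in a user-writable staging directory")
    parent = basename(event["ParentImage"])
    if parent in DELIVERY_PARENTS:
        reasons.append(f"launched from {parent}")
    return reasons or None


def scan(events):
    """Map event index -> reasons for every event that trips the check."""
    return {i: r for i, e in enumerate(events) if (r := analyze(e)) is not None}


if __name__ == "__main__":
    for i, reasons in scan(SAMPLE_EVENTS).items():
        print(f"event {i}: " + "; ".join(reasons))
```

The check keys on where the applet lives and who launched it rather than on a hash, so a renamed or recompiled .cpl still trips it; the two built-in applet launches in the sample set pass clean.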

Indicators of Compromise

Type Value First Seen Last Seen
HASH ca93591a9441a2ade70821f67292d982 2025-03-04 2026-04-07
HASH 9e94126e8a26efd10b2a5b179d64be90 2025-03-04 2026-04-07
IPv4 77.247.126.189 2025-02-25 2026-02-22
DOMAIN googlauth.com 2025-03-04 2025-04-16
HASH 25156a29ad636eb708104ec69b05e54b 2025-03-04 2025-03-04
HASH 35b4f28dd2d50dbf48e5c63c3ef5efb7 2025-03-04 2025-03-04
HASH f8dde3de3410d7a444fcfeabfbb963e4 2025-03-04 2025-03-04
HASH 929a87be39ed3ad28e7285340f64414f 2025-03-04 2025-03-04
HASH 66e8096b9b061550314a82654ce0fabd 2025-03-04 2025-03-04
HASH 72fc2de8e9339969b9be2bb4363e2741 2025-03-04 2025-03-04
HASH c3bbdd7142b1b86e638e8585a4b16c7b 2025-03-04 2025-03-04
HASH 71d5270d1a165bb6dec144e16089450d 2025-03-04 2025-03-04
HASH 456d05566fc3391e195a5f9cb346c92c 2025-03-04 2025-03-04
HASH 8fb97b701da7e49e6a78717f0179dd68 2025-03-04 2025-03-04
HASH 5108c225b68c5d229b83bf62e0e357b0 2025-03-04 2025-03-04
HASH fc7315b6b74aa43ab24965f3648f01a6 2025-03-04 2025-03-04
URL https://review.accountprotectio… 2025-03-04 2025-03-04
DOMAIN nid.naverify.com 2025-03-04 2025-03-04
DOMAIN accounts.kakao-login.com 2025-03-04 2025-03-04
DOMAIN sarkcc.com 2025-03-04 2025-03-04
DOMAIN ms-work.com 2025-03-04 2025-03-04
DOMAIN seouul.com 2025-03-04 2025-03-04
DOMAIN nid.naver-auth.com 2025-03-04 2025-03-04
DOMAIN navauth.com 2025-03-04 2025-03-04
DOMAIN samsunghospitol.com 2025-03-04 2025-03-04
DOMAIN accounts.kakao-check.com 2025-03-04 2025-03-04
DOMAIN accounts-google.com 2025-03-04 2025-03-04
DOMAIN knovvhow.com 2025-03-04 2025-03-04
DOMAIN nid.auth-require.com 2025-03-04 2025-03-04
DOMAIN kcar-service.com 2025-03-04 2025-03-04
DOMAIN accounts.goodemail.info 2025-03-04 2025-03-04
DOMAIN goodemail.info 2025-03-04 2025-03-04
DOMAIN puac.net 2025-03-04 2025-03-04
DOMAIN 100000recipe.com 2025-03-04 2025-03-04
DOMAIN unniedu.com 2025-03-04 2025-03-04
DOMAIN medicert.com 2025-03-04 2025-03-04
DOMAIN campaign2-nid.com 2025-03-04 2025-03-04
DOMAIN navers.com 2025-03-04 2025-03-04
DOMAIN accountprotection.info 2025-03-04 2025-03-04
DOMAIN yecchong.com 2025-03-04 2025-03-04
DOMAIN nid.naver-check.com 2025-03-04 2025-03-04
DOMAIN accounts.kakao-verify.com 2025-03-04 2025-03-04
DOMAIN panmuntour.com 2025-03-04 2025-03-04
DOMAIN accounts.intorpark.com 2025-03-04 2025-03-04
DOMAIN accounts.login-require.com 2025-03-04 2025-03-04
DOMAIN review.accountprotection.info 2025-03-04 2025-03-04
DOMAIN lotto-rich.com 2025-03-04 2025-03-04
DOMAIN kyf-dream.com 2025-03-04 2025-03-04
DOMAIN accounts.kakao-auth.com 2025-03-04 2025-03-04
DOMAIN merryear.com 2025-03-04 2025-03-04
DOMAIN jongnno.com 2025-03-04 2025-03-04
DOMAIN glaed-hotel.com 2025-03-04 2025-03-04
DOMAIN kakauth.com 2025-03-04 2025-03-04
IPv4 172.67.189.105 2025-03-04 2025-03-04
IPv4 104.21.77.81 2025-03-04 2025-03-04
IPv4 104.21.43.94 2025-03-04 2025-03-04
IPv4 222.122.195.67 2025-03-04 2025-03-04
IPv4 172.67.185.83 2025-03-04 2025-03-04
IPv4 172.67.163.138 2025-03-04 2025-03-04
IPv4 112.175.185.59 2025-03-04 2025-03-04
IPv4 104.21.36.117 2025-03-04 2025-03-04
IPv4 104.21.75.198 2025-03-04 2025-03-04
IPv4 104.21.14.107 2025-03-04 2025-03-04
IPv4 104.21.86.221 2025-03-04 2025-03-04
IPv4 172.67.178.31 2025-03-04 2025-03-04
IPv4 104.21.48.88 2025-03-04 2025-03-04
IPv4 172.67.168.65 2025-03-04 2025-03-04
IPv4 104.21.2.11 2025-03-04 2025-03-04
IPv4 27.102.130.92 2025-03-04 2025-03-04
IPv4 210.92.18.185 2025-03-04 2025-03-04
IPv4 104.21.65.82 2025-03-04 2025-03-04
IPv4 112.214.236.86 2025-03-04 2025-03-04
IPv4 172.67.179.222 2025-03-04 2025-03-04
IPv4 118.33.224.29 2025-03-04 2025-03-04
IPv4 172.67.193.25 2025-03-04 2025-03-04
IPv4 104.21.43.135 2025-03-04 2025-03-04
IPv4 104.21.69.121 2025-03-04 2025-03-04
IPv4 104.21.26.97 2025-03-04 2025-03-04
IPv4 210.92.18.161 2025-03-04 2025-03-04
IPv4 119.204.168.143 2025-03-04 2025-03-04
IPv4 104.21.74.209 2025-03-04 2025-03-04
IPv4 172.67.128.127 2025-03-04 2025-03-04
IPv4 172.67.132.211 2025-03-04 2025-03-04
IPv4 172.67.194.212 2025-03-04 2025-03-04
IPv4 104.21.13.127 2025-03-04 2025-03-04
IPv4 172.67.208.102 2025-03-04 2025-03-04
IPv4 104.21.32.94 2025-03-04 2025-03-04
IPv4 104.21.51.149 2025-03-04 2025-03-04
IPv4 104.21.96.63 2025-03-04 2025-03-04
IPv4 104.21.48.172 2025-03-04 2025-03-04
IPv4 104.21.51.95 2025-03-04 2025-03-04
IPv4 216.74.123.97 2025-03-04 2025-03-04
IPv4 104.21.61.63 2025-03-04 2025-03-04
IPv4 124.5.163.111 2025-03-04 2025-03-04
IPv4 112.175.185.19 2025-03-04 2025-03-04
IPv4 172.67.137.64 2025-03-04 2025-03-04
IPv4 104.21.34.210 2025-03-04 2025-03-04
IPv4 172.67.181.81 2025-03-04 2025-03-04
IPv4 172.67.208.4 2025-03-04 2025-03-04
IPv4 104.21.56.41 2025-03-04 2025-03-04
IPv4 172.67.219.166 2025-03-04 2025-03-04
IPv4 104.21.62.206 2025-03-04 2025-03-04
IPv4 104.21.68.29 2025-03-04 2025-03-04
IPv4 172.67.138.180 2025-03-04 2025-03-04
IPv4 172.67.158.166 2025-03-04 2025-03-04
IPv4 49.1.238.247 2025-03-04 2025-03-04
IPv4 104.21.59.136 2025-03-04 2025-03-04
IPv4 172.67.187.104 2025-03-04 2025-03-04
IPv4 172.67.162.231 2025-03-04 2025-03-04
IPv4 104.21.60.195 2025-03-04 2025-03-04
IPv4 172.67.182.18 2025-03-04 2025-03-04
IPv4 209.99.40.222 2025-03-04 2025-03-04
IPv4 172.67.133.130 2025-03-04 2025-03-04
IPv4 124.5.163.170 2025-03-04 2025-03-04
IPv4 112.214.237.131 2025-03-04 2025-03-04
IPv4 104.21.36.135 2025-03-04 2025-03-04
IPv4 104.21.54.128 2025-03-04 2025-03-04
IPv4 172.67.177.237 2025-03-04 2025-03-04
IPv4 104.21.42.163 2025-03-04 2025-03-04
IPv4 172.67.176.240 2025-03-04 2025-03-04
IPv4 161.97.100.171 2025-03-04 2025-03-04
IPv4 172.67.177.152 2025-03-04 2025-03-04
IPv4 206.206.123.55 2025-03-04 2025-03-04
IPv4 172.67.185.123 2025-03-04 2025-03-04
IPv4 104.21.13.241 2025-03-04 2025-03-04
IPv4 172.67.173.157 2025-03-04 2025-03-04
IPv4 172.67.183.9 2025-03-04 2025-03-04
IPv4 172.67.200.125 2025-03-04 2025-03-04
IPv4 104.21.62.150 2025-03-04 2025-03-04
IPv4 104.21.86.123 2025-03-04 2025-03-04
IPv4 49.1.234.75 2025-03-04 2025-03-04
IPv4 172.67.205.159 2025-03-04 2025-03-04
IPv4 172.67.136.182 2025-03-04 2025-03-04
IPv4 172.67.139.63 2024-08-23 2025-03-04
DOMAIN accountsmt.certuser.info 2023-11-01 2025-03-04
DOMAIN certuser.info 2023-11-01 2025-03-04
IPv4 172.67.206.189 2023-03-14 2025-03-04
IPv4 118.36.192.211 2022-06-29 2025-03-04
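The table above is only useful once it is loaded into something that can be run against logs, and not every row carries the same weight: the many 104.21.x.x and 172.67.x.x addresses fall inside Cloudflare's published reverse-proxy ranges, so they identify a shared CDN edge rather than actor-controlled infrastructure and should not be blocked outright. The following is an added example, not Genians' code: it parses a subset of the table (embedded verbatim), matches domains with subdomain awareness, and grades IPv4 hits by whether they sit in a shared proxy range. The log lines, client addresses and file names are constructed, and the 32-character HASH values are treated as MD5 on the basis of their length.

```python
# Added example (not Genians' code): load the IOC table above into a matcher
# and run it over constructed DNS/proxy/download log lines. Only a subset of
# the table is embedded here to keep the block short.
import ipaddress
import re

IOC_TABLE = """\
Type Value First Seen Last Seen
DOMAIN googlauth.com 2025-03-04 2025-04-16
DOMAIN nid.naverify.com 2025-03-04 2025-03-04
DOMAIN accounts.kakao-login.com 2025-03-04 2025-03-04
DOMAIN accounts-google.com 2025-03-04 2025-03-04
DOMAIN accountprotection.info 2025-03-04 2025-03-04
IPv4 77.247.126.189 2025-02-25 2026-02-22
IPv4 172.67.189.105 2025-03-04 2025-03-04
IPv4 104.21.77.81 2025-03-04 2025-03-04
IPv4 222.122.195.67 2025-03-04 2025-03-04
HASH ca93591a9441a2ade70821f67292d982 2025-03-04 2026-04-07
"""

# Subset of Cloudflare's published reverse-proxy ranges. An IOC address inside
# them is the CDN edge in front of the phishing site, shared with many
# unrelated tenants, so it is a weak signal and a poor candidate for blocking.
SHARED_PROXY_NETS = [ipaddress.ip_network(n) for n in
                     ("104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13")]

# Constructed log lines (hypothetical clients, timestamps and file names).
SAMPLE_LOGS = [
    "2025-03-05T09:12:01Z dns client=10.0.0.5 qname=nid.naverify.com.",
    "2025-03-05T09:12:02Z proxy client=10.0.0.5 dst=104.21.77.81 host=login.naverify.com",
    "2025-03-05T09:13:40Z proxy client=10.0.0.9 dst=77.247.126.189 host=update.example-cdn.net",
    "2025-03-05T09:14:02Z dns client=10.0.0.7 qname=www.accounts-google.com",
    "2025-03-05T09:15:11Z dns client=10.0.0.7 qname=accounts.google.com",
    "2025-03-05T09:16:00Z download client=10.0.0.9 md5=ca93591a9441a2ade70821f67292d982 name=GoogleUpdate.pkg",
]

KV = re.compile(r"(\w+)=(\S+)")


def parse_ioc_table(text):
    """Split the 'Type Value First Seen Last Seen' rows into per-type dicts."""
    iocs = {"DOMAIN": {}, "IPv4": {}, "HASH": {}}
    for line in text.strip().splitlines()[1:]:
        kind, value, first, last = line.split()
        iocs[kind][value.lower()] = (first, last)
    return iocs


def domain_hit(host, domains):
    """Exact or subdomain match; trailing dots from DNS logs are ignored."""
    host = host.lower().rstrip(".")
    if not host:
        return None
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


def ip_confidence(ip):
    """'high' for a dedicated host, 'low' when the IOC is a shared CDN edge."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in SHARED_PROXY_NETS):
        return "low (shared reverse-proxy range)"
    return "high"


def scan_logs(lines, iocs):
    """Return (client, kind, indicator, confidence) for every IOC match."""
    hits = []
    for line in lines:
        fields = dict(KV.findall(line))
        client = fields.get("client")
        for key in ("qname", "host"):
            d = domain_hit(fields.get(key, ""), iocs["DOMAIN"])
            if d:
                hits.append((client, "domain", d, "high"))
        dst = fields.get("dst")
        if dst in iocs["IPv4"]:
            hits.append((client, "ipv4", dst, ip_confidence(dst)))
        md5 = (fields.get("md5") or "").lower()
        if md5 in iocs["HASH"]:
            hits.append((client, "hash", md5, "high"))
    return hits


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS, parse_ioc_table(IOC_TABLE)):
        print(hit)
```

Note what the grading buys: the proxy line to 104.21.77.81 is reported at low confidence because the address is a shared edge, while the connection to 77.247.126.189 and the lookup of the listed phishing domains come back high. The legitimate accounts.google.com query does not match accounts-google.com, since the subdomain test requires a dot boundary before the indicator.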
