Operation Ghost Union
2020-04-08 • AhnLab • Operation Ghost Union
https://image.ahnlab.com/file_upload/asecissue_files/ASEC%20REPORT_vol.98.pdf
Attachments
ASEC20REPORT_vol.98.pdf (8 MB)
AhnLab's Operation Ghost Union report profiles Kimsuky activity against South Korean institutions and companies. The report says Kimsuky, active since at least 2013, has expanded targeting from military-related areas into political, economic, and social sectors while continuing information-theft operations. AhnLab found that in a December 2019 South Korea-focused attack, Kimsuky used malware associated with Andariel as part of its delivery chain, making the campaign notable for combining Kimsuky-built malware with tooling from another North Korea-linked group.
Indicators of Compromise