APT Threat Landscape in Japan 2020
2021-05-21 • Macnica
https://www.macnica.co.jp/business/security/manufacturers/files/mpressioncss_ta_report_2020_5_en.pdf
Macnica Networks and TeamT5’s 2020 Japan APT landscape report is a broad espionage study of attacks against Japanese organizations; its DPRK-relevant material includes a dedicated “CloudDragon (Kimsuky)” section under new TTPs and RATs. The excerpt frames the overall report as an analysis of stealthy, RAT-driven cyber-espionage campaigns, covering targeted industries, attack timelines, C2, lateral movement, exfiltration, and IOC sets. Because the provided excerpt mostly contains the table of contents and introduction, the supported DPRK-specific takeaway is limited: the report gives CloudDragon/Kimsuky its own section within its coverage of Japan-focused APT activity, while much of the visible text concerns non-DPRK APT10 campaigns and general landscape context.
Indicators of Compromise