APT37 Reconnaissance Phishing
2025-01-12 • Hauri • (Document No: DT-20250110-001)
https://download.hauri.net/DownSource/down/dwn_detail_down.html?uid=72
HAURI describes APT37 reconnaissance phishing against people connected to North Korea issues and defector communities. The attack embeds an IMG tag in the email so that opening the message automatically reaches a phishing site, while compromised legitimate Korean sites are used to avoid security blocking. One example uses an alumni-list update lure and a dalcommusic.com URL with encrypted parameters. The phishing infrastructure blocks crawler and bot user agents and writes access data to crawl.dat; these behaviors support detections for targeted delivery and tracking.
Indicators of Compromise