Analysis of Cyber Reconnaissance Activity Behind the APT37 Threat
2024-11-04 • Genians
https://www.genians.co.kr/blog/threat_intelligence/apt37_recon
Genians analyzes APT37 reconnaissance activity against South Korea, including collection of a target's IP address, location, web browser, and operating-system details before any endpoint compromise. The report links the activity to threat infrastructure prepared in advance and notes that the actor has repeatedly used malicious LNK files as a core delivery strategy. It recommends endpoint telemetry and behavioral detection, because this reconnaissance phase can precede targeted espionage against North Korean human-rights groups, defectors, journalists, and policy or defense specialists.
Indicators of Compromise