{ "type": "bundle", "id": "bundle--3eefd7af-50d3-4e6f-ac47-5693acd05a38", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--1fccd592-25a0-4cda-9627-ebe8eb44fc83", "created": "2023-03-08T12:51:53.039568Z", "modified": "2023-03-08T12:51:53.039645Z", "name": "Cybereason", "identity_class": "organization" }, { "type": "url", "spec_version": "2.1", "id": "url--ba2c50a5-bbda-45a3-95ab-409f40e5aa5c", "value": "http://foxonline123.atwebpages.com/home/jpg/download.php?filename=flower03" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--183febe2-4205-47c5-839f-ace8848938e9", "value": "foxonline123.atwebpages.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--966773f4-ee98-4bba-a5a8-4ace237d84df", "value": "portable.epizy.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--5faa19ed-f028-4ef5-a3d0-cb4c6aa26a12", "value": "eastsea.or.kr" }, { "type": "file", "spec_version": "2.1", "id": "file--3683c544-2dc5-431b-984f-2ac3d20f8f12", "hashes": { "SHA-256": "7af3930958f84e0b64f8297d1a556aab359bb65691208dc88ea4fc9698250c43" } }, { "type": "file", "spec_version": "2.1", "id": "file--936a4fa8-c867-4552-bb81-0faffa0f85f1", "hashes": { "SHA-1": "90d00ecb1e903959a3853e8ee1c8af89fb82a179" } }, { "type": "file", "spec_version": "2.1", "id": "file--e6d34392-0e4e-4a88-a3b0-c7076add2d67", "hashes": { "SHA-256": "97d4898c4e70335f0adbbace34593236cb84e849592e5971a797554d3605d323" } }, { "type": "file", "spec_version": "2.1", "id": "file--0bf1ee49-cd5f-4e03-bcc9-8cb64cfbeb1a", "hashes": { "SHA-256": "65fe4cd6deed85c3e39b9c1bb7c403d0e69565c85f7cd2b612ade6968db3a85c" } }, { "type": "file", "spec_version": "2.1", "id": "file--7e223d0d-fc42-46a1-8ae3-37eceb043e5b", "hashes": { "SHA-1": "f846981567760d40b5a90c8923ca8c2e7c881c5f" } }, { "type": "file", "spec_version": "2.1", "id": "file--f8533db8-5402-43e4-8165-6ec623a2ecb1", "hashes": { "SHA-256": "d88c5695ccd83dce6729b84c8c43e8a804938a7ab7cfeccaa0699d6b1f81c95c" } }, { "type": "file", "spec_version": "2.1", "id": "file--8dd81c5e-beb7-4fc0-9452-fdf41cbb569c", "hashes": { "SHA-256": "e9ea5d4e96211a28fe97ecb21b7372311a6fa87ce23db4dd118dc204820e011c" } }, { "type": "file", "spec_version": "2.1", "id": "file--37c18f03-e8a7-4430-a85a-c453c5a341b7", "hashes": { "SHA-256": "e4d28fd7e0fc63429fc199c1b683340f725f0bf9834345174ff0b6a3c0b1f60e" } }, { "type": "file", "spec_version": "2.1", "id": "file--d463aa54-e423-47f6-a916-d8b6b25c56ed", "hashes": { "SHA-256": "f989d13f7d0801b32735fee018e816f3a2783a47cff0b13d70ce2f1cbc754fb9" } }, { "type": "file", "spec_version": "2.1", "id": "file--6de2864c-b846-4f5f-b051-a91f9419a932", "hashes": { "SHA-256": "af13b16416760782ec81d587736cb4c9b2e7099afc10cb764eeb4c922ee8802f" } }, { "type": "file", "spec_version": "2.1", "id": "file--e4cc031f-0f72-4c4f-99ac-d9c3cc9d35c5", "hashes": { "SHA-256": "66fc8b03bc0ab95928673e0ae7f06f34f17537caf159e178a452c2c56ba6dda7" } }, { "type": "file", "spec_version": "2.1", "id": "file--093f9734-dee4-4ead-8ec6-cd605286c6a8", "hashes": { "SHA-256": "bcf4113ec8e888163f1197a1dd9430a0df46b07bc21aba9c9a1494d2d07a2ba9" } }, { "type": "file", "spec_version": "2.1", "id": "file--5c480ba6-6d79-43d4-b8fa-fc31d361f8b7", "hashes": { "SHA-256": "fa282932f1e65235dc6b7dba2b397a155a6abed9f7bd54afbc9b636d2f698b4b" } }, { "type": "file", "spec_version": "2.1", "id": "file--7036e783-b5c4-4567-8de4-5e538b31d432", "hashes": { "SHA-256": "7158099406d99db82b7dc9f6418c1189ee472ce3c25a3612a5ec5672ee282dc0" } }, { "type": "file", "spec_version": "2.1", "id": "file--4f0ce4ae-9b43-4b9b-b2f9-678565fde3e1", "hashes": { "SHA-1": "87b35e1998bf00a8b7e32ed391c217deaec408ad" } }, { "type": "url", "spec_version": "2.1", "id": "url--7bde5eef-8fb7-4969-a464-8bf227336a53", "value": "http://wave.posadadesantiago.com/home/dwn.php?van=10860" }, { "type": "url", "spec_version": "2.1", "id": "url--c02c1009-b8df-4e29-93d0-bc415b7d0538", "value": "http://hao.aini.pe.hu/init/image?i=ping&u=8dc1078f1639d34c&p=wait" }, { "type": "url", "spec_version": "2.1", "id": "url--5bf0f086-e07f-4768-9b0e-b31b004ef66b", "value": "http://attachchosun.atwebpages.com/leess1982/leess1982.ps1" }, { "type": "url", "spec_version": "2.1", "id": "url--6559db97-c4f0-402b-88cd-6337d63fe7e3", "value": "http://portable.epizy.com/img/png/download.php?filename=images01" }, { "type": "url", "spec_version": "2.1", "id": "url--7a513d97-45dc-42c5-a8cc-6d5422f24107", "value": "http://nhpurumy.mireene.com/theme/basic/skin/member/basic/" }, { "type": "url", "spec_version": "2.1", "id": "url--0aca433b-fb35-43c4-93ac-0b422a380851", "value": "http://mernberinfo.tech/wp-data/?m=dunan&p=de3f6e263724&v=win6.1.0-sp1-x64" }, { "type": "url", "spec_version": "2.1", "id": "url--8678b464-ceb8-4fec-b731-aa33a3e44d73", "value": "http://dongkuiri.atwebpages.com/venus02/venus03/venus03.ps1" }, { "type": "url", "spec_version": "2.1", "id": "url--36b790dd-eafc-40ff-8359-8db562bf0e3c", "value": "http://myaccounts.posadadesantiago.com/test/Update.php?wShell=201" }, { "type": "url", "spec_version": "2.1", "id": "url--79405e55-a00d-4884-b099-7955bb55fbe3", "value": "http://eastsea.or.kr/?m=a&p1=00000009&p2=Win6.1.7601x64-Spy-v2370390" }, { "type": "url", "spec_version": "2.1", "id": "url--8af536f9-1f08-43f2-adb9-b7644f6b11e0", "value": "http://csv.posadadesantiago.com/home?id=" }, { "type": "url", "spec_version": "2.1", "id": "url--e16c99f4-fc35-48a2-bb3d-c459738cd3d7", "value": "http://wave.posadadesantiago.com/home/dwn.php?van=102" }, { "type": "url", "spec_version": "2.1", "id": "url--ba51e85c-18ee-41d6-a476-95013827ab86", "value": "http://myaccounts.posadadesantiago.com/test/Update" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--de315d67-32f7-4e18-9500-deafa06b1f58", "value": "dongkuiri.atwebpages.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--f22e9df0-ffb2-4ae3-b504-5f86319afdf3", "value": "csv.posadadesantiago.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--730e2cc6-04cc-4c92-878f-23818fa0e80e", "value": "hao.aini.pe.hu" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--0b70b862-52cc-4f64-ba12-39c5b43da85e", "value": "attachchosun.atwebpages.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--02eaa8c3-c3fa-4810-a96d-b212cdc396e6", "value": "myaccounts.posadadesantiago.com" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--96be676f-e256-4b11-a828-dd74ec504023", "value": "mernberinfo.tech" }, { "type": "file", "spec_version": "2.1", "id": "file--fafd1449-4747-4e4a-ac68-a7cd38993880", "hashes": { "SHA-256": "252d1b7a379f97fddd691880c1cf93eaeb2a5e5572e92a25240b75953c88736c" } }, { "type": "url", "spec_version": "2.1", "id": "url--b47885d5-2e54-487f-b944-adc5eb2fce94", "value": "http://wave.posadadesantiago.com/home/dwn.php?van=101" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--0090e932-c023-4c84-8792-c0fb3b78f181", "value": "wave.posadadesantiago.com" }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--829c7896-5197-4e71-a733-e930843667e3", "value": "173.205.125.124" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--a2c6613a-10c4-444d-891b-b543e5f96f68", "value": "nhpurumy.mireene.com" }, { "type": "url", "spec_version": "2.1", "id": "url--41360e36-f54a-4fd1-bdba-c359cce1c066", "value": "http://jmable.mireene.com/shop/kcp/js/com/expres.php?op=2" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--800e1044-6b7b-4d44-8051-ec3d0d5f9b26", "value": "jmable.mireene.com" }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1", "created": "2026-06-24T18:21:00.768879Z", "modified": "2026-06-24T18:21:00.768879Z", "name": "Kimsuky" }, { "type": "report", "spec_version": "2.1", "id": "report--e3563b44-c44e-4a6f-8082-eb3e1ce192e8", "created_by_ref": "identity--1fccd592-25a0-4cda-9627-ebe8eb44fc83", "created": "2026-06-24T18:21:00.77213Z", "modified": "2026-06-24T18:21:00.77213Z", "name": "Back to the Future: Inside the Kimsuky KGH Spyware Suite", "published": "2020-11-02T00:00:00Z", "object_refs": [ "identity--1fccd592-25a0-4cda-9627-ebe8eb44fc83", "url--ba2c50a5-bbda-45a3-95ab-409f40e5aa5c", "domain-name--183febe2-4205-47c5-839f-ace8848938e9", "domain-name--966773f4-ee98-4bba-a5a8-4ace237d84df", "domain-name--5faa19ed-f028-4ef5-a3d0-cb4c6aa26a12", "file--3683c544-2dc5-431b-984f-2ac3d20f8f12", "file--936a4fa8-c867-4552-bb81-0faffa0f85f1", "file--e6d34392-0e4e-4a88-a3b0-c7076add2d67", "file--0bf1ee49-cd5f-4e03-bcc9-8cb64cfbeb1a", "file--7e223d0d-fc42-46a1-8ae3-37eceb043e5b", "file--f8533db8-5402-43e4-8165-6ec623a2ecb1", "file--8dd81c5e-beb7-4fc0-9452-fdf41cbb569c", "file--37c18f03-e8a7-4430-a85a-c453c5a341b7", "file--d463aa54-e423-47f6-a916-d8b6b25c56ed", "file--6de2864c-b846-4f5f-b051-a91f9419a932", "file--e4cc031f-0f72-4c4f-99ac-d9c3cc9d35c5", "file--093f9734-dee4-4ead-8ec6-cd605286c6a8", "file--5c480ba6-6d79-43d4-b8fa-fc31d361f8b7", "file--7036e783-b5c4-4567-8de4-5e538b31d432", "file--4f0ce4ae-9b43-4b9b-b2f9-678565fde3e1", "url--7bde5eef-8fb7-4969-a464-8bf227336a53", "url--c02c1009-b8df-4e29-93d0-bc415b7d0538", "url--5bf0f086-e07f-4768-9b0e-b31b004ef66b", "url--6559db97-c4f0-402b-88cd-6337d63fe7e3", "url--7a513d97-45dc-42c5-a8cc-6d5422f24107", "url--0aca433b-fb35-43c4-93ac-0b422a380851", "url--8678b464-ceb8-4fec-b731-aa33a3e44d73", "url--36b790dd-eafc-40ff-8359-8db562bf0e3c", "url--79405e55-a00d-4884-b099-7955bb55fbe3", "url--8af536f9-1f08-43f2-adb9-b7644f6b11e0", "url--e16c99f4-fc35-48a2-bb3d-c459738cd3d7", "url--ba51e85c-18ee-41d6-a476-95013827ab86", "domain-name--de315d67-32f7-4e18-9500-deafa06b1f58", "domain-name--f22e9df0-ffb2-4ae3-b504-5f86319afdf3", "domain-name--730e2cc6-04cc-4c92-878f-23818fa0e80e", "domain-name--0b70b862-52cc-4f64-ba12-39c5b43da85e", "domain-name--02eaa8c3-c3fa-4810-a96d-b212cdc396e6", "domain-name--96be676f-e256-4b11-a828-dd74ec504023", "file--fafd1449-4747-4e4a-ac68-a7cd38993880", "url--b47885d5-2e54-487f-b944-adc5eb2fce94", "domain-name--0090e932-c023-4c84-8792-c0fb3b78f181", "ipv4-addr--829c7896-5197-4e71-a733-e930843667e3", "domain-name--a2c6613a-10c4-444d-891b-b543e5f96f68", "url--41360e36-f54a-4fd1-bdba-c359cce1c066", "domain-name--800e1044-6b7b-4d44-8051-ec3d0d5f9b26", "threat-actor--3cad7692-b5b4-565b-88b1-63998b3f44a1" ], "external_references": [ { "source_name": "source", "url": "https://www.cybereason.com/blog/back-to-the-future-inside-the-kimsuky-kgh-spyware-suite" } ] } ] }