Detecting Ongoing STARK#MULE Attack Campaign Targeting Victims Using US Military Document Lures

2023-07-28 Securonix

https://www.securonix.com/blog/detecting-ongoing-starkmule-attack-campaign-targeting-victims-using-us-military-document-lures/

Thumbnail for Detecting Ongoing STARK#MULE Attack Campaign Targeting Victims Using US Military Document Lures

Based on the source and likely targets, these types of attacks are on par with past attacks stemming from typical North Korean groups such as APT37 as South Korea has historically been a primary target of the group, especially its government officials. request_raw: mpVI=MDA[REDACTED]wxMC44LjIuNywxNQ== request_raw mpCMD=sss&mpVID=00-[REDACTED MAC]-00 C2 and infrastructure The threat actor’s infrastructure appears to be solely based on two compromised websites that appear to be legitimate businesses. The final stage of the attack chain ends with an interesting and persistent malware embedded into the target’s machine which runs on a scheduled task and immediately opens communication over HTTP. The entire malicious infrastructure used in the STARK#MULE campaign is centered around legitimate compromised Korean e-commerce websites.

Indicators of Compromise

Type Value First Seen Last Seen
HASH 7893c8b41a2e4281e73a1761061ac9e… 2023-07-28 2023-07-28
HASH e4a8610461d3b3c534346b9c874edff… 2023-07-28 2023-07-28
HASH 89062a28f33021539ab3d197c124040… 2023-07-28 2023-07-28
HASH 6149d861f38db6d6f5110b234edb1ba… 2023-07-28 2023-07-28
HASH c90ebf988f96c9a51d6ad0b23ad7260… 2023-07-28 2023-07-28
HASH 019e4327b8292dad32c92209a1e0fa0… 2023-07-28 2023-07-28
HASH 6f11c52f01e5696b1ac0faf6c19b0b4… 2023-07-28 2023-07-28
URL http://www.jkmusic.co.kr 2023-07-28 2023-07-28
URL http://www.notebooksell.kr 2023-07-28 2023-07-28
URL http://www.notebooksell.kr/mall… 2023-07-28 2023-07-28
URL https://www.pcworld.com/article… 2023-07-28 2023-07-28
IPv4 182.162.94.42 2023-07-28 2023-07-28
IPv4 183.111.169.84 2023-07-28 2023-07-28
URL http://www.jkmusic.co.kr/shop/d… 2023-07-25 2023-07-28
URL http://www.jkmusic.co.kr/shop/d… 2023-07-25 2023-07-28

Related Reports

2021-12-02 • 29% Match
#Lazarus #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1584.004 #T1005 #T1070.004 #T1587.001 #T1041 #T1560 #T1608.001 #T1071.001 #T1046 #T1083 #T1056.001 #T1204.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1124 #T1057 #T1059.005 #T1583.006 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1583.001 #T1059.001 #T1036.005 #T1132.001 #T1001.003 #T1585.001 #T1497.001 #T1105 #T1553.002 #T1620 #T1574.002 #T1562.001 #T1027.002 #T1489 #T1078 #T1008 #T1573.001 #T1571 #T1491.001 #T1218 #T1220 #T1203 #T1189 #T1049 #T1564.001 #T1098 #T1016 #T1074.001 #T1588.002 #T1562.004 #T1591 #T1218.011 #T1583.004 #T1036.004 #T1588.003 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1048.003 #T1134.002 #T1027.007 #T1021.001 #T1106 #T1090.001 #T1070 #T1047 #T1574.013 #T1561.001 #T1036.003 #T1529 #T1055.001 #T1614.001 #T1010 #T1021.002 #T1033 #T1543.003 #T1485 #T1090.002 #T1542.003 #T1560.002 #T1012 #T1110 #T1547.009 #T1110.003 #T1534 #T1588.004 #T1104 #T1591.004 #T1561.002 #T1608.002 #T1202 #T1221 #T1557.001 #T1087.002 #T1560.003 #T1070.003 #T1021.004 #T0865
Shares tags: T1584.004, T1204.002, T1566.001
2022-07-20 • 28% Match
#Konni #StiffBizon #T1082 #T1119 #T1059.003 #T1070.004 #T1041 #T1113 #T1020 #T1071.001 #T1204.002 #T1555.003 #T1057 #T1059.005 #T1566.001 #T1053.005 #T1539 #T1059.001 #T1053 #T1132.001 #T1105 #T1548.002 #T1134.001 #T1033 #T1569.002 #T1543.003 #T1560.003 #T1007 #T1027.005 #T1606.001
Shares tags: T1204.002, T1566.001, T1053.005 • Same author: Securonix
2025-08-13 • 25% Match
#Lazarus #T1102.002 #T1082 #T1059.003 #T1567.002 #T1140 #T1584.004 #T1005 #T1070.004 #T1587.001 #T1041 #T1560 #T1608.001 #T1071.001 #T1046 #T1083 #T1056.001 #T1204.001 #T1036 #T1027 #T1204.002 #T1566.002 #T1566.003 #T1124 #T1057 #T1059.005 #T1583.006 #T1566.001 #T1547.001 #T1585.002 #T1053.005 #T1583.001 #T1059.001 #T1036.005 #T1132.001 #T1001.003 #T1585.001 #T1497.001 #T1105 #T1553.002 #T1620 #T1574.002 #T1562.001 #T1027.002 #T1489 #T1078 #T1008 #T1571 #T1491.001 #T1218 #T1220 #T1203 #T1189 #T1049 #T1564.001 #T1098 #T1016 #T1074.001 #T1588.002 #T1562.004 #T1591 #T1218.011 #T1583.004 #T1036.004 #T1588.003 #T1218.010 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1048.003 #T1134.002 #T1027.007 #T1021.001 #T1106 #T1090.001 #T1573 #T1070 #T1047 #T1574.013 #T1561.001 #T1036.003 #T1529 #T1055.001 #T1614.001 #T1010 #T1021.002 #T1033 #T1543.003 #T1485 #T1090.002 #T1542.003 #T1560.002 #T1012 #T1110 #T1547.009 #T1110.003 #T1534 #T1588.004 #T1104 #T1591.004 #T1561.002 #T1608.002 #T1202 #T1221 #T1557.001 #T1087.002 #T1560.003 #T1070.003 #T1021.004
Shares tags: T1584.004, T1204.002, T1566.001
2026-01-13 • 21% Match
#Kimsuky #T1102.002 #T1059.003 #T1567.002 #T1070.004 #T1587.001 #T1041 #T1608.001 #T1071.001 #T1112 #T1056.001 #T1059.006 #T1204.001 #T1059.007 #T1027 #T1204.002 #T1566.002 #T1555.003 #T1059.005 #T1583.006 #T1566.001 #T1585.002 #T1053.005 #T1598.003 #T1583.001 #T1059.001 #T1036.005 #T1566 #T1585.001 #T1656 #T1205 #T1105 #T1055 #T1553.002 #T1620 #T1102.001 #T1027.002 #T1133 #T1190 #T1593 #T1588.002 #T1657 #T1055.012 #T1587 #T1078.003 #T1071.002 #T1562.004 #T1550.002 #T1111 #T1071.003 #T1591 #T1003.001 #T1218.011 #T1585 #T1593.002 #T1598 #T1583 #T1586.002 #T1588.005 #T1583.004 #T1036.004 #T1588.003 #T1589.003 #T1594 #T1218.010 #T1557 #T1219.002 #T1593.001 #T1218.005 #T1589.002 #T1584.001 #T1070.006 #T1596
Shares tags: T1204.002, T1566.001, T1053.005
« Back