{ "type": "bundle", "id": "bundle--e95b0dbd-a46a-4990-bb9e-36be680c4010", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--a8d58fde-d21c-496d-a3ff-84409afef5b4", "created": "2023-03-08T12:51:56.363175Z", "modified": "2024-08-19T10:06:03.021098Z", "name": "Qianxin", "identity_class": "organization" }, { "type": "file", "spec_version": "2.1", "id": "file--47fcd9a6-b235-45e5-94b9-5c6d7e908773", "hashes": { "MD5": "7457dc037c4a5f3713d9243a0dfb1a2c" } }, { "type": "file", "spec_version": "2.1", "id": "file--9af1c554-d7c1-4334-a56e-90bf90faf2a2", "hashes": { "MD5": "88f183304b99c897aacfa321d58e1840" } }, { "type": "file", "spec_version": "2.1", "id": "file--5b9bae94-6491-48e1-97bd-b5bc0d06c018", "hashes": { "MD5": "27ef6917fe32685fdf9b755eb8e97565" } }, { "type": "file", "spec_version": "2.1", "id": "file--f1427f19-cd4c-4a93-bc73-214ecf7018a1", "hashes": { "MD5": "7b6d02a459fdaa4caa1a5bf741c4bd42" } }, { "type": "file", "spec_version": "2.1", "id": "file--ab025434-4079-4d14-a797-9f97c1d9c813", "hashes": { "MD5": "c8e7b0d3b6afa22e801cacaf16b37355" } }, { "type": "url", "spec_version": "2.1", "id": "url--8bebe6a1-1beb-45a1-80d3-74a7ad87ba2b", "value": "http://qi.limsjo.p-e.kr/index.php" }, { "type": "url", "spec_version": "2.1", "id": "url--63a4722d-8ddc-457f-a6b6-6e5f1a3cd43c", "value": "http://ol.negapa.p-e.kr/index.php" }, { "type": "url", "spec_version": "2.1", "id": "url--888e6bd4-f278-400c-a374-bb62c934120f", "value": "http://ai.negapa.p-e.kr/index.php" }, { "type": "url", "spec_version": "2.1", "id": "url--8cfb1781-c7f1-4b76-92e2-721d5ff352e4", "value": "http://ar.kostin.p-e.kr/index.php" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--59bf25ac-0dd6-44d1-a941-55b10f0b55a6", "value": "ai.negapa.p-e.kr" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--4021851c-cd46-4620-88ee-d6ade3210b99", "value": "ar.kostin.p-e.kr" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--32cc4c56-b274-4ee9-92c2-4922895e6738", "value": "ol.negapa.p-e.kr" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--b087534e-3965-4a3f-8a8e-e473cb91a00e", "value": "qi.limsjo.p-e.kr" }, { "type": "file", "spec_version": "2.1", "id": "file--2f65ca45-d3ce-4460-9aa4-c395f4567d31", "hashes": { "MD5": "19c2decfa7271fa30e48d4750c1d18c1" } }, { "type": "file", "spec_version": "2.1", "id": "file--c7f8db1b-a142-412b-839f-126b5541feb3", "hashes": { "MD5": "87429e9223d45e0359cd1c41c0301836" } }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--f4e1a568-05f6-4a59-ae79-6c12e1a480df", "value": "ai.kostin.p-e.kr" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--0818be3e-64d4-4603-89cf-acfb7b402b3f", "value": "coolsystem.co.kr" }, { "type": "domain-name", "spec_version": "2.1", "id": "domain-name--392d7bf9-54eb-4d26-9545-4bd8c023a4ac", "value": "ai.limsjo.p-e.kr" }, { "type": "file", "spec_version": "2.1", "id": "file--10d2cbac-ae08-4c52-af9c-3b5aab007904", "hashes": { "MD5": "d259ef7500e7e667afc42e9570f9707a" } }, { "type": "file", "spec_version": "2.1", "id": "file--1e1d41f6-5cab-4622-bd01-fce3ad36ac1c", "hashes": { "MD5": "eb8d073840e95cf24c9c3f5a2b6470e0" } }, { "type": "url", "spec_version": "2.1", "id": "url--8d5704e2-ac06-434f-bf6b-61a2f26e3ea8", "value": "http://ai.limsjo.p-e.kr/index.php" }, { "type": "url", "spec_version": "2.1", "id": "url--6ed263da-c1f3-45e7-8210-d8217f4a3799", "value": "http://ai.kostin.p-e.kr/index.php" }, { "type": "url", "spec_version": "2.1", "id": "url--7a77a8ef-cd40-4c9a-b669-31c47c99f41e", "value": "http://coolsystem.co.kr/admin/mail/index.php" }, { "type": "file", "spec_version": "2.1", "id": "file--ecedcc33-080a-47b7-a379-77c7678b4920", "hashes": { "MD5": "d6abeeb469e2417bbcd3c122c06ba099" } }, { "type": "threat-actor", "spec_version": "2.1", "id": "threat-actor--421ba00f-4658-5a1b-b6f1-5b34532eaaed", "created": "2026-06-24T19:53:46.396161Z", "modified": "2026-06-24T19:53:46.396161Z", "name": "APT-Q-2" }, { "type": "report", "spec_version": "2.1", "id": "report--b1e4b053-7cab-4a51-bd06-5733d71f150e", "created_by_ref": "identity--a8d58fde-d21c-496d-a3ff-84409afef5b4", "created": "2026-06-24T19:53:46.399431Z", "modified": "2026-06-24T19:53:46.399431Z", "name": "Espionage Operation Disguised as Software Installers by Kimsuky (APT-Q-2)", "published": "2024-03-05T00:00:00Z", "object_refs": [ "identity--a8d58fde-d21c-496d-a3ff-84409afef5b4", "file--47fcd9a6-b235-45e5-94b9-5c6d7e908773", "file--9af1c554-d7c1-4334-a56e-90bf90faf2a2", "file--5b9bae94-6491-48e1-97bd-b5bc0d06c018", "file--f1427f19-cd4c-4a93-bc73-214ecf7018a1", "file--ab025434-4079-4d14-a797-9f97c1d9c813", "url--8bebe6a1-1beb-45a1-80d3-74a7ad87ba2b", "url--63a4722d-8ddc-457f-a6b6-6e5f1a3cd43c", "url--888e6bd4-f278-400c-a374-bb62c934120f", "url--8cfb1781-c7f1-4b76-92e2-721d5ff352e4", "domain-name--59bf25ac-0dd6-44d1-a941-55b10f0b55a6", "domain-name--4021851c-cd46-4620-88ee-d6ade3210b99", "domain-name--32cc4c56-b274-4ee9-92c2-4922895e6738", "domain-name--b087534e-3965-4a3f-8a8e-e473cb91a00e", "file--2f65ca45-d3ce-4460-9aa4-c395f4567d31", "file--c7f8db1b-a142-412b-839f-126b5541feb3", "domain-name--f4e1a568-05f6-4a59-ae79-6c12e1a480df", "domain-name--0818be3e-64d4-4603-89cf-acfb7b402b3f", "domain-name--392d7bf9-54eb-4d26-9545-4bd8c023a4ac", "file--10d2cbac-ae08-4c52-af9c-3b5aab007904", "file--1e1d41f6-5cab-4622-bd01-fce3ad36ac1c", "url--8d5704e2-ac06-434f-bf6b-61a2f26e3ea8", "url--6ed263da-c1f3-45e7-8210-d8217f4a3799", "url--7a77a8ef-cd40-4c9a-b669-31c47c99f41e", "file--ecedcc33-080a-47b7-a379-77c7678b4920", "threat-actor--421ba00f-4658-5a1b-b6f1-5b34532eaaed" ], "external_references": [ { "source_name": "source", "url": "https://ti.qianxin.com/blog/articles/Espionage-Operation-Disguised-as-Software-Installers-by-Kimsuky-APT-Q-2-EN/" } ] } ] }